WebInspect Scan for Silverlight application (294 Views)
Reply
Frequent Advisor
sample
Posts: 108
Registered: ‎01-31-2011
Message 1 of 5 (294 Views)

WebInspect Scan for Silverlight application

Hi - Im trying to run WebInspect Scan for Silverlight application.  The issue is I'm able to successfully navigate the pages in a Silverlight application manually without the tool. But If I try the same with WebInspect, I face issues in accessing these pages. Even though, I tried below settings it fails.

 

  1. Silverlight setting is enabled in default scan settings.
  2. I tried to add to IP address of the server in the host file:  c:\WINDOWS\System32\drivers\etc\hosts.
  3. Had set proxy settings in IE.
  4. Increased the timeout secs to 120 to 1000 secs in default scan settings.

 

The error that I receive is :

Unable to parse Web Server response : Unable to read data from the transport connection: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

 

 

What settings is required to avoid above error and to scan a silverlight application successfully.

 

Please use plain text.
Respected Contributor
HansEnders
Posts: 586
Registered: ‎07-01-2008
Message 2 of 5 (262 Views)

Re: WebInspect Scan for Silverlight application

This sounds more like an error in the proxy configuration.  WebInspect has two entries for proxies.  The first is how WebInspect reaches HP on the Internet, and that is found under the Edit menu > Application Settings > Proxy panel.  The second one is for how WebInspect reaches its target, and that is found under the Edit menu > default Scan Settings > Proxy panel.

 

I suspect that while you have WebInspect set to borrow the proxy settings from MSIE that the proxy uses some sort of authentication.  A common fix is to change the WebInspect proxy setting to "Direct Connection", as most scan targets are on the same network and the proxy is not really involved.  If the proxy does use authentication, you must manually enter that into the WebInspect proxy configuration, as WebInspect cannot borrow the auth credentials from MSIE, only the network details.  Microsoft ISA proxy is a common trouble-maker in this sort of situation, as it invisibly steals the Windows credentials for auth and yet that setting is not visible in the MSIE proxy settings.


-- Habeas Data
Please use plain text.
Frequent Advisor
sample
Posts: 108
Registered: ‎01-31-2011
Message 3 of 5 (251 Views)

Re: WebInspect Scan for Silverlight application

Thanks for the solution. I tried changing the proxy settings. But it didnt help in resolving the issue! :-( Are any alternate solution to this?

 

Please use plain text.
Respected Contributor
HansEnders
Posts: 586
Registered: ‎07-01-2008
Message 4 of 5 (247 Views)

Re: WebInspect Scan for Silverlight application

If you are unable to determine the connection issue, I would record the browser traffic with the included Web Proxy tool and then provide that PSF capture file to Fortify Support for review.  Again, you may need to explicitly define your network proxy and any required authentication credentials within that tool to effectively browse the web application.

 

And always try the Direct Connection (no proxy) option, just in case it works despite what your network admins have told you about required proxies.


-- Habeas Data
Please use plain text.
Frequent Advisor
sample
Posts: 108
Registered: ‎01-31-2011
Message 5 of 5 (228 Views)

Re: WebInspect Scan for Silverlight application

I had raised a case in fortify support as well. I had sent the fiddler capture to them. Im waiting for their updates.

Could you suggest any other options to resolve this issue.

 

Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation