Re: WebInspect how well doe it deal with ColdFusion sites. (138 Views)
Reply
Occasional Visitor
philglen
Posts: 1
Registered: ‎11-22-2013
Message 1 of 2 (168 Views)

WebInspect how well doe it deal with ColdFusion sites.

Does Webinspect do a deep inspection of ColdFusion site? If so is this automatic or does it need a lot of manual selection?

Respected Contributor
HansEnders
Posts: 613
Registered: ‎07-01-2008
Message 2 of 2 (138 Views)

Re: WebInspect how well doe it deal with ColdFusion sites.

For the most part, WebInspect does not care what brand the target site is, so long as it presents HTTP traffic/responses.  For due diligence, WebInspect does have named checks in the attack database for ColdFusion (see the Policy Manager tool), but the majority of its checks will fuzz the inputs regardless of the platform.

 

The true configuration you will need may involve the site itself.  For example, adding to the Web Form Editor's default values can aid the Crawler in intelligently filling in the available forms and thereby expanding the exposed attack surface area.  Session Exclusions or identifying custom State-keeping variables in the HTTP Parsing settings may also be needed.


-- Habeas Data
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.