HP WebInspect
HP WebInspect is dynamic application security testing software for assessing the security of Web
applications and Web services. HP WebInspect gives security professionals and security novices
alike the power and knowledge to quickly identify and validate critical, high-risk
security vulnerabilities in applications running in development, QA or production.
HP WebInspect at a glance
Assessment technology
- Advanced client-side scripting technology to analyse JavaScript, Flash, and others
- Produce faster scans and more accurate results through simultaneous crawl and audit and concurrent scanning
- Advanced macro recording technology and flexible authentication handling for improved session management in complex applications
- Increase accuracy of detection using Intelligent Engines designed to imitate a hacker’s methodology
- Innovative application architecture profiler assists in tuning the scan configuration and recommends improvements in site coverage and accuracy
- List-driven assessments for targeted and efficient application scanning
- Optimizations to the depth-first crawling option for websites that enforce order-dependent navigation
- Fingerprinting of Web framework using Smart Scan technology to reduce unnecessary attacks
HP WebInspect Real-Time
- Integrated dynamic and real-time analysis to find more vulnerabilities and fix them faster
- Works in concert with HP Fortify SecurityScope to observe attacks at the code level during dynamic scans
- Identify and crawl more of an application to expand the coverage of the attack surface and detect new types of vulnerabilities
- Provides stack traces and line-of-code detail for confirmed vulnerabilities
Interactive vulnerability review and management
- Displays detailed steps to reproduce a vulnerability and shows how it was identified
- Retest a single vulnerability by re-executing the series of steps to validate or regression test a fix
- Enter manual findings and attach screenshots and documents to test results for better context and communication
- Persist test results across scans
Advanced web services security testing
- Support for complex data types for rendering advanced WSDLs and specifying test data
- Automatically discover and audit web services embedded in an application
- Focused web service attacks and fuzzing
- Web Service Security Designer tool for configuring Web service security tests
Refined and simple usability
- Quickly initiate simple or regression scans with minimal configuration for immediate results
- Walk through an intuitive wizard to set up a scan and begin reviewing results within seconds
- Review and control multiple simultaneous scans and reports through a tabbed interface
- Submit false positive reports and other feedback directly and securely to HP in just a couple of clicks
- Create reusable, componentized macros to record testing steps and login procedures
- Develop custom attacks and policies quickly and easily using the custom check wizard
Actionable remediation and compliance reports
- Run compliance reports for all major regulatory standards, including PCI, SOX, ISO, and HIPAA
- Create flexible, extensible, and scalable reports that match your business
- Simplify repetitive report generation through report templates
- Customize fonts, colors, and backgrounds with the style editor allowing you to generate scan reports with a professional, polished appearance
- Assess application security trends and readiness
Key integrations
- Integrate into your defect management processes with out-of-the-box integrations with HP Quality Center
- Integrate into your enterprise application security management process with an out-of-the-box integration with HP Assessment Management Platform software
- Extensive data export via XML for open integration with other security management systems
- Include information from external data sources in your reports via ODBC, SQL, or XML connections
Advanced tools for penetration testers (HP Security Toolkit)
- Report Designer: allows you to create new reports or customize the ones from HP, combine external data sources, edit the style, and create custom user input
- SQL injector: extract entire databases by using SQL injection vulnerabilities
- Cookie cruncher: analyze the strength of cookies to avoid session hijacking
- Encoder: translate different encryption and encoding standards
- HTTP editor: create and edit raw HTTP requests
- Regex editor: test and build regular expressions
- Web Service Test Designer: generate and edit raw Web services requests
- Web Fuzzer: identify buffer overflows using HTTP fuzzing or modify input variables
- Web Proxy: view every request and server response while browsing a site
- WebBrute: test the strength of login forms or Web and proxy authentication systems
- WebDiscovery: identify and discover which Web servers and Web applications are behind which ports
- Server analyzer: identify a Web server or device and perform deep SSL analysis
- Traffic monitor: monitor every HTTP request and response sent during the crawl and audit