Fortify WebInspect is a feature-rich dynamic application security testing (DAST) tool.
Fortify WebInspect has been one of the most popular DAST tools in the pentester community for decades.
Fortify WebInspect is an automated dynamic testing solution that provides comprehensive vulnerability detection and helps security professionals and QA testers identify security vulnerabilities and configuration issues.
It does this by simulating real-world external security attacks on a running application to identify problems and prioritize them for root-cause analysis.
In addition, WebInspect exposes numerous REST APIs that facilitate integration, and it can be managed through an intuitive UI or run entirely via automation.
Don’t be limited by IAST! FAST can take all the functional tests and use them the same way IAST does, but then it keeps crawling. So even if a functional test misses something, FAST won’t miss it.
View findings such as client-side frameworks and their version numbers; such findings could become vulnerabilities if the frameworks are not kept up to date.
Monitor trends within an application and take action on the most critical vulnerabilities to meet DevOps needs.
Start quickly and scale as needed with the flexibility of on-premise, SaaS, or AppSec-as-a-service.
Pre-configured policies and reports cover all major compliance regulations related to web application security, including PCI DSS, DISA STIG, NIST 800-53, ISO 27K, OWASP, and HIPAA.
WebInspect can be tuned and optimized for your application to find vulnerabilities faster and earlier in the SDLC. Enhance scans with agent technology that expands attack surface coverage and detects additional types of vulnerabilities.
• WebInspect Agent integrates dynamic testing and runtime analysis to enhance your findings and scope. It identifies vulnerabilities by crawling more of the app, expanding attack surface coverage, and exposing exploitable issues more effectively than dynamic testing alone.
Prioritization with advanced technologies:
• Run custom policies tuned towards high speed with the policy manager.
• Simultaneous crawl and audit.
• Deduplication: Reduce the number of attacks sent by avoiding scanning the same class/function in a different part of the app.
• Check Avoidance: Reduce the number of attacks sent by not sending multiple attacks for a specific check type when the agent determines the app can handle that attack. This information is loaded into Fortify Software Security Center (SSC) and used together with Fortify Static Code Analyzer (SCA) scan results, where issues are correlated.
• Redundant Page Detection allows for reduced scan times.
• Fix vulnerabilities faster, as developers are provided with line-of-code detail and stack trace information.
• Save time and resources with features like redundant page detection, automated macro generation, incremental scanning, and containerized delivery.
• Optimize the scanning process, increase speed, and improve accuracy.
WebInspect is a comprehensive dynamic application scanner that can crawl modern frameworks and web technology with a complete audit of all vulnerability classes.
• Single Page Application (SPA) Detection supporting these common frameworks: Angular, AngularJS, React, GWT, Vue, Dojo, and Backbone.
• Test mobile-optimized websites as well as native web service calls.
• WebInspect provides features like automatic macro generation, macro validation, and fix validation to enable small teams to detect and remediate vulnerabilities at scale.
• OpenSSL Preview provides a simple solution to SCHANNEL lockdown issues in environments where SSL is restricted by registry settings or group policy.