Fortify WebInspect - Application Security Toolset

Summary

Fortify WebInspect is a feature-rich dynamic application security testing (DAST) tool.

What is Fortify WebInspect?

Fortify WebInspect has been one of the most popular DAST tools in the pentester community for decades.

[Figure: Fortify WebInspect scan result]

Fortify WebInspect is an automated dynamic testing solution that provides comprehensive vulnerability detection and helps security professionals and QA testers identify security vulnerabilities and configuration issues.

It does this by simulating real-world external security attacks on a running application to identify problems and prioritize them for root-cause analysis.

In addition, WebInspect exposes numerous REST APIs that support integration with other tooling; it can be managed through an intuitive UI or run entirely via automation.

Key Features

Functional Application Security Testing (FAST)

Don't be limited by IAST! FAST can take all the functional tests and use them the same way IAST does, but then it keeps crawling. So even if a functional test misses something, FAST won't.

Hacker-Level Insights

View findings such as client-side frameworks and their version numbers; these findings could become vulnerabilities if the components are not kept up to date.

Manage Enterprise Application Security Risk

Monitor trends within an application and take action on the most critical vulnerabilities to meet DevOps needs.

Flexible Deployment

Start quickly and scale as needed with the flexibility of on-premises, SaaS, or AppSec-as-a-service deployment.

Compliance Management

Pre-configured policies and reports cover all major compliance regulations related to web application security, including PCI DSS, DISA STIG, NIST 800-53, ISO 27K, OWASP, and HIPAA.

Increase Speed with Horizontal Scaling

Horizontal scaling creates lightweight WebInspect instances using Kubernetes that focus solely on processing JavaScript. This allows scans to run in parallel, making them much faster.

Key Benefits

Find Vulnerabilities Faster and Earlier

WebInspect can be tuned and optimized for your application to find vulnerabilities faster and earlier in the SDLC. Scans can be enhanced with agent technology that expands attack surface coverage and detects additional types of vulnerabilities.

• WebInspect Agent integrates dynamic testing and runtime analysis to enhance your findings and scope. It identifies vulnerabilities by crawling more of the app, expanding attack surface coverage, and exposing exploitable issues better than dynamic testing alone.

Prioritization with advanced technologies:

• Run custom policies tuned towards high speed with the policy manager.

• Simultaneous crawl and audit.

• Deduplication: Reduces the number of attacks sent by avoiding re-scanning the same class or function when it is reached from a different part of the app.

• Check Avoidance: Reduces the number of attacks sent by not sending multiple attacks for a specific check type when the agent determines the app can handle that attack. This information is loaded into Fortify Software Security Center (SSC) and used alongside Fortify Static Code Analyzer (SCA) scan results, where issues are correlated.

• Redundant Page Detection reduces scan times.

• Fix vulnerabilities faster, as developers are provided with line-of-code detail and stack trace information.

• Save time and resources with features like redundant page detection, automated macro generation, incremental scanning, and containerized delivery.

• Optimize the scanning process, increase speed, and improve accuracy.

WebInspect is a comprehensive dynamic application scanner that can crawl modern frameworks and web technologies and perform a complete audit of all vulnerability classes.

It supports the latest web technologies, including HTML5, JSON, AJAX, JavaScript, HTTP/2, and more.

• Single Page Application (SPA) Detection supporting these common frameworks: Angular, AngularJS, React, GWT, Vue, Dojo, and Backbone.

• Test mobile-optimized websites as well as native web service calls.

• WebInspect provides features like automatic macro generation, macro validation, and fix validation to enable small teams to detect and remediate vulnerabilities at scale.

• OpenSSL Preview addresses SCHANNEL lockdown issues, providing a simple solution for environments where SSL is restricted by registry or group policy.
