Fortify WebInspect

(1 customer review)
Product is rated as #3 in category DAST Tools

WebInspect is an automated dynamic testing solution that provides comprehensive vulnerability detection and helps security professionals and QA testers identify security vulnerabilities and configuration issues.

It does this by simulating real-world external security attacks on a running application to identify problems and prioritize them for root-cause analysis. In addition, WebInspect exposes numerous REST APIs for integration, and it can be managed through an intuitive UI or run entirely via automation.

Key Features

Functional Application Security Testing (FAST)

Don’t be limited by IAST! FAST can take all the functional tests and use them the same way IAST does, but then it keeps crawling. So even if a functional test misses something, FAST won’t miss it.

Hacker-Level Insights

View findings such as client-side frameworks and their version numbers, findings that could become vulnerabilities if not updated.

Manage Enterprise Application Security Risk

Monitor trends within an application and take action on the most critical vulnerabilities to meet DevOps needs.

Flexible Deployment

Start quickly and scale as needed with the flexibility of on-premise, SaaS, or AppSec-as-a-service.

Compliance Management

Pre-configured policies and reports for all major compliance regulations related to web application security, including PCI DSS, DISA STIG, NIST 800-53, ISO 27K, OWASP, and HIPAA.

Increase Speed with Horizontal Scaling

Horizontal scaling uses Kubernetes to create small instances of WebInspect that focus solely on processing JavaScript. These instances work in parallel, which allows for much faster scans.

Scan Any API for Improved Accuracy

Get a complete story around APIs, whether SOAP, REST, Swagger, OpenAPI, or Postman.

Key Benefits

Find Vulnerabilities Faster and Earlier

WebInspect can be tuned and optimized for your application to find vulnerabilities faster and earlier in the SDLC. Enhance scans with agent technology that expands the coverage of the attack surface and detects additional types of vulnerabilities.

• WebInspect Agent integrates dynamic testing and runtime analysis to enhance your findings and scope. It identifies vulnerabilities by crawling more of the app, expanding attack surface coverage, and exposing exploits better than dynamic testing alone.

Prioritization with advanced technologies:

• Run custom policies tuned towards high speed with the policy manager.
• Simultaneous crawl and audit.
• Deduplication: Reduce the number of attacks sent by avoiding scanning the same class/function in a different part of the app.
• Check Avoidance: Reduce the number of attacks sent by avoiding sending multiple attacks to a specific check type if the agent determines the app can handle the attack. The information is loaded into Fortify Software Security Center (SSC) and used with Fortify Static Code Analyzer (SCA) scan results, where issues are correlated.
• Redundant Page Detection allows for reduced scan times.
• Fix vulnerabilities faster, as developers are provided with line-of-code detail and stack trace information.

Save Time with Automation and Agent Technology

• Save time and resources with features like redundant page detection, automated macro generation, incremental scanning, and containerized delivery.

• Optimize the scanning process, increase speed, and improve accuracy.

Crawl Modern Frameworks and Web Technologies

WebInspect is a comprehensive dynamic application scanner that can crawl modern frameworks and web technology with a complete audit of all vulnerability classes.

Support for the latest web technologies, including HTML5, JSON, AJAX, JavaScript, HTTP2, and more.

• Single Page Application (SPA) Detection supporting these common frameworks: Angular, AngularJS, React, GWT, Vue, Dojo, and Backbone.
• Test mobile-optimized websites as well as native web service calls.
• WebInspect provides features like automatic macro generation, macro validation, and fix validation to enable small teams to detect and remediate vulnerabilities at scale.
• A solution to SCHANNEL lockdown issues, OpenSSL Preview provides a simple solution for environments where SSL is restricted either by registry or group policy.

1 review for Fortify WebInspect

4.0 out of 5
  1. Nathan G.

    It does a decent job of scanning; however, it requires development in resource management. You should have at least 16 GB RAM, and it may still freeze up.

    + PROS: good price value
    - CONS: hardware heavy