WebInspect
Showing results for 
Search instead for 
Do you mean 

WebInspect how well doe it deal with ColdFusion sites.

Occasional Visitor

WebInspect how well doe it deal with ColdFusion sites.

Does Webinspect do a deep inspection of ColdFusion site? If so is this automatic or does it need a lot of manual selection?

1 REPLIES
Highlighted
Esteemed Contributor

Re: WebInspect how well doe it deal with ColdFusion sites.

For the most part, WebInspect does not care what brand the target site is, so long as it presents HTTP traffic/responses.  For due diligence, WebInspect does have named checks in the attack database for ColdFusion (see the Policy Manager tool), but the majority of its checks will fuzz the inputs regardless of the platform.

 

The true configuration you will need may involve the site itself.  For example, adding to the Web Form Editor's default values can aid the Crawler in intelligently filling in the available forms and thereby expanding the exposed attack surface area.  Session Exclusions or identifying custom State-keeping variables in the HTTP Parsing settings may also be needed.


-- Habeas Data
HP Fortify Customers-Only Forums – https://protect724.hp.com/community/fortify