Re: Interaction of WebInspect with the Application in Step Mode

Good Morning Hans,


Thanks for your reply.


Please allow me to clarify what exactly concerns me, as I seem to have failed to make this clear. It's a lot of information again, so I coloured the actual question in green. I hope this helps.

While I completely understand how to work with the Step Mode (I'm using it for applications that are too complex with regard to user interaction to use automated scans), I just don't really grasp how the Step Mode itself works.


To give an example:

I used WebInspect against an online banking application. This application invalidates sessions pretty fast (luckily). So I used the Step Mode to browse the application, finished browsing by closing the browser (Firefox in that case. IE has some issues, but that's a story for another time), clicked "Finish" and started the audit afterwards by clicking "Start / Resume".


To my surprise, WebInspect still received valid responses from the application after more than two and a half hours. I never recorded a login macro (wouldn't work as there is some challenge-response fun in the site that requires mouse-clicking...ugly), still WebInspect was able to interact with the application although it should have killed the sessions hours ago.


Please don't get me wrong: so far I'm really happy with this. I just don't understand how this may be possible.


Until some days ago, this was solely a matter of curiosity and I never looked into this any further. But shortly before my last post the question arose whether we can run WebInspect against the same environment we run our functional testing on. Does WebInspect actually modify values in the testing environment and therefore possibly render it useless for functional testing?


The scenario is to have the functional testers do their work during the day, while WebInspect is working as a proxy, recording their steps. After end of business, we start the audit based on the browsing done that day by the testers. Is there a risk WebInspect modifies the test environment in a way so the functional tester can't continue his work the next morning?