Protect Your Assets

Challenge-Response Authentication? No Problem.

‎05-02-2012 03:19 PM - edited ‎09-29-2015 09:47 AM

The following post is brought to you by one of HP's most talented presales consultants, Hans Enders, in collaboration with Steve Hardeman, Jeremy Brooks, and several other developers within the WebInspect team.

 

==========

 

A co-worker brought a recent industry discussion to my attention because he needed assurance our products could handle a Challenge-Response authentication scheme.  My first response was yes, and then I hung up.  I am not in any way an active participant in the blogosphere or twitterverse, but later I was asked to come back and actually show how this situation would manifest in our product.  This is where my fun started, because WebInspect 9.20 introduced a brand new web macro recorder tool known as TruClient, meant to augment and replace the prior Event-based and Session-based macro recorder tools.  I had been hearing good things about this new tool from internal sources, but I work in the world of technical PreSales and all product features have a grain of salt until they have been used live, and perhaps several times at that.  "Trust but verify."

 

This recent discussion offered a sample application called AuthExample and there was a bit of a gauntlet being thrown down as well.  I wholeheartedly agree with the authors that we vendors should be listening to these sorts of live queries and showing how it can be done, either out-of-the-box or via workarounds.  I spent some time with our developers learning more about TruClient's options and I have produced the attached visual study detailing both a simple and an advanced version of the Q&A sample application.  The default application took all of 5 minutes to set up and record.  For the advanced case, I edited the application so that the Responses were not all using the same keyword for all the Questions, making it a bit more realistic.  I included my environment details should the reader wish to follow along.

 

I feel that the techniques shown with this study will be very valuable to our user community in using TruClient within WebInspect.  I always prefer complicated examples over simple ones, so perhaps this material will augment the typically dry internal documentation.

About the Author

joe_sechman
