Protect Your Assets

Challenge-Response Authentication? No Problem.

joe_sechman ‎05-02-2012 03:19 PM - edited ‎09-29-2015 09:47 AM

The following post is brought to you by one of HP's most talented presales consultants, Hans Enders, in collaboration with Steve Hardeman, Jeremy Brooks, and several other developers within the WebInspect team.




A co-worker brought a recent industry discussion to my attention because he needed assurance our products could handle a Challenge-Response authentication scheme.  My first response was yes, and then I hung up.  I am not in any way an active participant in the blogosphere or twitterverse, but later I was asked to come back and actually show how this situation would manifest in our product.  This is where my fun started, because WebInspect 9.20 introduced a brand new web macro recorder tool known as TruClient, meant to augment and replace the prior Event-based and Session-based macro recorder tools.  I had been hearing good things about this new tool from internal sources, but I work in the world of technical PreSales and all product features have a grain of salt until they have been used live, and perhaps several times at that.  "Trust but verify."


This recent discussion offered a sample application called AuthExample and there was a bit of a gauntlet being thrown down as well.  I wholeheartedly agree with the authors that we vendors should be listening to these sorts of live queries and showing how it can be done, either out-of-the-box or via workarounds.  I spent some time with our developers learning more about TruClient's options and I have produced the attached visual study detailing both a simple and an advanced version of the Q&A sample application.  The default application took all of 5 minutes to set up and record.  For the advanced case, I edited the application so that the Responses were not all using the same keyword for all the Questions, making it a bit more realistic.  I included my environment details should the reader wish to follow along.


I feel that the techniques shown with this study will be very valuable to our user community in using TruClient within WebInspect.  I always prefer complicated examples over simple ones, so perhaps this material will augment the typically dry internal documentation.
