Protect Your Assets
Showing results for 
Search instead for 
Do you mean 

WebInspect 10.20 Release

jgriggs ‎05-01-2014 12:10 PM - edited ‎09-25-2015 10:21 AM

HP Fortify and the WebInspect team announced the release of WebInspect and WebInspect Enterprise 10.20 on April 17th.  Current customers can upgrade WebInspect version 10.20 using the SmartUpdate utility. Additionally, customers can download the latest release from and  


WebInspect 10.20

HP WebInspect 10.20 has several new features and many improvements to existing features.

  • WebInspect Agent
  • WebInspect API
  • FIPS Compliance
  • Unified Taxonomy
  • Burp Proxy and Selenium Script import
  • Improvements to the Underlying Script Engine
  • Native Mobile Service Scanning
  • Mobile Web Site Scanning

Current customers can refer to the communication sent out on Thursday, April 17th for additional information.


WebInspect Agent

WebInspect 10.20 introduces the WebInspect Agent.  Built on top of the Fortify runtime framework, the Agent is an IAST tool which interacts with the WebInspect client in a 2-way communication. The Agent sits inside of the runtime of a web application and permits WebInspect to know and understand the internal interactions of the application as it is being tested.  The WebInspect Agent is delivered free of charge to all current customers of WebInspect and WebInspect Enterprise and can be downloaded from



WebInspect API

WebInspect 10.20 introduces a new API which allows customers to control their instance of WebInspect remotely.  Users can now configure new scans, retrieve information about scans in progress, and export results from completed scans in a remote and flexible way.  The API is a RESTful service installed with WebInspect and configured to be disabled by default. Customers wishing to utilize the new API can enable it from the Windows Services screen.


FIPS compliance

WebInspect can now run in Windows environments configured for compliance with the Federal Information Processing Standards (FIPS).  WebInspect will automatically detect when Windows is enforcing FIPS compliance mode and shift the cryptographic algorithms accordingly.


Unified Taxonomy

All Fortify products now have their vulnerabilities categorized under the 7 Pernicious Kingdoms taxonomy.  This taxonomy is different from many of those that have taken hold as industry standards in that it covers all vulnerabilities rather than the top 10 or top 25 categories.  This comprehensive taxonomy is also designed with developers in mind rather than security professionals and uses language borrowed from biology. The primary goal of defining this taxonomy is to organize sets of security rules that can be used to help software developers understand the kinds of errors that have an impact on security. By better understanding how systems fail, developers will better analyze the systems they create, more readily identify and address security problems when they see them, and generally avoid repeating the same mistakes in the future. For more information on the 7 pernicious Kingdoms Taxonomy visit


BURP Proxy and Selenium Script Import

WebInspect already supported importing UFT scripts, now it also supports importing BURP suite proxy exports and with the help of the new API can also import Selenium scripts.  These features aid customers in ensuring full coverage of their site by utilizing resources many QA teams already have.


Improvement to the Underlying Script Engine

The underlying engine used by WebInspect to parse web page layouts and scripting has been upgraded enabling WebInspect to natively understand the newest web technologies such as HTML 5.  Additionally, WebInspect can now identify redundant script executions across pages such as menus or formatting and avoid retesting this code, saving time and improving performance.


Native Mobile Web Service Scanning

WebInspect 10.20 introduces a new scanning option to test the traffic between a mobile application and the backend server. 


Mobile Web Site Scanning

Mobile sites can be scanned with custom user agents or popular mobile platform user agents like Safari or Chrome for Android.  In this mode, WebInspect scans the site content as it would be rendered to a mobile browser.





If you would like to request a trial of WebInspect or to find out more about the product please visit us at

0 Kudos
About the Author


27 Feb - 2 March 2017
Barcelona | Fira Gran Via
Mobile World Congress 2017
Hewlett Packard Enterprise at Mobile World Congress 2017, Barcelona | Fira Gran Via Location: Hall 3, Booth 3E11
Read more
Each Month in 2017
Software Expert Days - 2017
Join us online to talk directly with our Software experts during online Expert Days. Find information here about past, current, and upcoming Expert Da...
Read more
View all