Published by: api-82206812 on Jun 16, 2011
Copyright:Attribution Non-commercial

After WebInspect assesses your application’s vulnerabilities, you may want to edit and save
the results for a variety of reasons, including:

Security—If an HTTP request or response contains passwords, account numbers, or
other sensitive data, you may want to delete or modify this information before making the
scan results available to other persons in your organization.

Correction—WebInspect occasionally reports a “false positive.” This occurs when
WebInspect detects indications of a possible vulnerability, but further investigation by a
developer determines that the problem does not actually exist. You can delete the
vulnerability from the session or delete the entire session. Alternatively, you can
designate it as a false positive (right-click the session in either the Site or Sequence view
and select Mark As False Positive).

Severity Modification—If you disagree with WebInspect’s ranking of a vulnerability,
you can assign a different level, using the following scale:

    0 - 9       Normal
    10          Information
    11 - 25     Low
    26 - 50     Medium
    51 - 75     High
    76 - 100    Critical

Record Keeping—You can modify any of the report fields associated with an individual
vulnerability (Summary, Execution, Recommendation, Implementation, Fixes, and
References). For example, you could add a paragraph to the Fixes section describing how
you actually fixed the problem.

Enhancement—If you discover a new vulnerability, you could define it and add it to a
session as a custom vulnerability.

Follow the steps below to edit a session:

1. In the navigation pane, right-click a session containing a vulnerability
   - or -
   in the summary pane, right-click a URL.

2. Select Edit Vulnerability from the short-cut menu.
   The Edit Vulnerabilities window displays.

3. Select a vulnerability (if the session includes multiple vulnerabilities).

4. To add an existing vulnerability to the session (that is, one that exists in the database),
   click Add Existing.

   a. On the Add Existing Vulnerability window, enter part of a vulnerability name, or a
      complete vulnerability ID number or type.

   b. Click Search.

   c. Select one or more of the vulnerabilities returned by the search.

   d. Click OK.

5. To add a custom vulnerability, click Add Custom. You can then edit the vulnerability as
   described in Step 7.

6. To delete the vulnerability from the selected session, click Delete.

7. To modify the vulnerability, select different options from the Vulnerability Detail section.
   You can also change the descriptions that appear on the Summary, Implication, Execution,
   Fix, and Reference Info tabs.

8. Click OK to save the changes.
