Data Sheet
Fortify WebInspect (DAST)
CyberRes Fortify WebInspect is a dynamic application security testing (DAST) tool
that identifies application vulnerabilities in deployed web applications and services.

WebInspect is an automated DAST solution that provides comprehensive vulnerability detection and helps security professionals and QA testers identify security vulnerabilities and configuration issues. It does this by simulating real-world external security attacks on a running application to identify issues and prioritize them for root-cause analysis.

WebInspect has numerous REST APIs to benefit integration and has the flexibility to be managed through an intuitive UI or run completely via automation.

Product Highlights

Automation with Integration
WebInspect can be run as a fully automated solution to meet DevOps and scaling needs, and integrate with the SDLC without adding additional overhead.
• REST APIs help achieve a tighter integration and help automate scans and check whether compliance requirements have been met.
• Leverage prebuilt integrations for Micro Focus Application Lifecycle Management (ALM) and Quality Center, and other security testing and management systems.
• Powerful integrations allow teams to re-use existing scripts and tools. WebInspect can easily integrate with any Selenium script.
• Scan RESTful web services: supports Swagger and OData formats via WISwag command line tool, enabling WebInspect to fit into any DevOps pipeline.
• Base settings: ScanCentral Admin can pre-configure a scan template and provide that to users to scan their apps—no security knowledge needed.

[Figure: Shift DAST Left with WebInspect. Compares the Shift Left Quality Model with the Traditional Quality Model across the SDLC stages: Planning & Design, Development & Build, Test & Release, Deploy, Monitor & Analyze.]
Figure 1. Detect vulnerabilities earlier in the SDLC with WebInspect

Key Features

Functional Application Security Testing (FAST)
Don’t be limited by IAST! FAST can take all the functional tests and use those in the same way IAST does, but then it keeps crawling. Even if a functional test misses something, FAST won’t miss it.

Hacker-Level Insights
View findings such as client-side frameworks and the version numbers—findings that could become vulnerabilities if not updated.

HAR Files for Workflow Macros
WebInspect can use HAR files for workflow scanning, ensuring important content is covered during scans.

Manage Enterprise Application Security Risk
Monitor trends within an application and take action on the most critical vulnerabilities first to meet DevOps needs.

Flexible Deployment
Start quickly and scale as needed with the flexibility of on-premise, SaaS, or AppSec-as-a-service.

Compliance Management
Pre-configured policies and reports for all major compliance regulations related to web application security, including PCI DSS, DISA STIG, NIST 800-53, ISO 27K, OWASP, and HIPAA.

Increase Speed with Horizontal Scaling
Horizontal scaling creates little versions of WebInspect using Kubernetes that just focus on processing JavaScript. This allows the scans to work in parallel, allowing for much faster scans.

Scan Any API for Improved Accuracy
Get a complete story around APIs, whether it’s SOAP, REST, Swagger, OpenAPI, or Postman.

Key Benefits

Find Vulnerabilities Faster and Earlier
WebInspect can be tuned and optimized for your application to find vulnerabilities faster and earlier in the SDLC.

Enhance scans with agent technology that expands the coverage of the attack surface and detects additional types of vulnerabilities.
• WebInspect Agent integrates dynamic testing and runtime analysis to enhance your findings and scope. It identifies vulnerabilities by crawling more of the app, expanding coverage of the attack surface, and exposing exploits better than dynamic testing alone.

Prioritization with advanced technologies:
• Run custom policies that are tuned towards high speed with policy manager.
• Simultaneous crawl and audit.
• Deduplication: Reduce the number of attacks sent by avoiding scanning the same class/function in a different part of the app.
• Check Avoidance: Reduce the number of attacks sent by avoiding sending multiple attacks to a specific check type if the agent determines the app can handle the attack. Info is loaded into Fortify Software Security Center (SSC) and used with Fortify Static Code Analyzer scan results where issues are correlated.
• Redundant Page Detection allows for reduced scan times.
• Fix vulnerabilities faster as devs are provided with line of code detail and return stack trace info.

Save Time with Automation and Agent Technology
• Save time and resources with features like redundant page detection, automated macro generation, incremental scanning, and containerized delivery.
• Optimize the scanning process, increase speed, and improve accuracy.

Crawl Modern Frameworks and Web Technologies
WebInspect crawls modern frameworks and web technologies with a comprehensive audit of all vulnerability classes.
• Support for the latest web technologies including HTML5, JSON, AJAX, JavaScript, HTTP2, and more.
• Test for a new class of vulnerabilities called “Out of Band” or OAST Vulnerabilities. Using the public Fortify OAST server, WebInspect can detect OAST vulns such as Log4Shell.
• Single Page Application (SPA) Detection supporting these common frameworks: Angular, AngularJS, React, GWT, Vue, Dojo, and Backbone.
• Test mobile-optimized websites as well as native web service calls.
• WebInspect provides features like automatic macro generation, macro validation, and fix validation, to enable small teams to detect and remediate vulnerabilities at scale.
• A solution to SCHANNEL lockdown issues, OpenSSL Preview provides a simple solution for environments where SSL is being restricted either by registry or group policy.

Manage Enterprise AppSec Risk with ScanCentral DAST
Manage application security risk across the enterprise with reports for remediation and management oversight. Monitor trends and take action on vulnerabilities within an application. Build an enterprise-wide AppSec program that manages and provides visibility to your risk profile via dashboards and reports, so you can confirm remediation, track metrics, trends and progress. ScanCentral DAST can be used as an orchestration platform to run hundreds of thousands of scans, enabling a small team of AppSec professionals to manage an entire organization.
• Data Retention Policies: Rather than having to manually delete this data from ScanCentral, an admin can choose how long they want to keep the data before it’s automatically deleted.
• Deny Intervals: Users need to automate when they can and can’t scan. If they’re in the middle of testing, they need the app to be up, so this pauses the scan automatically.
• Site Explorer: Standalone allows developers to get rich remediation information and WebInspect-like views.
• User and Domain Restrictions: Centralized management of DAST users is complex. User and Domain restrictions allow an admin to put rules in place to ensure quality scans when using ScanCentral DAST in a self-service model.
• ScanCentral DAST Import: Users can import scans from WebInspect or WebInspect Enterprise into ScanCentral DAST for review or archiving.
• PostgreSQL: MS SQL is an expensive option for a database, so PostgreSQL provides another option when installing ScanCentral DAST without sacrificing speed and quality.

About Fortify
Fortify offers a comprehensive suite of products that bring holistic security and visibility to developers and AppSec professionals. Fortify provides automated integrations for any tool, anywhere in the SDLC, and a robust set of capabilities available on-premise, cloud-hosted, or as-a-service.

About CyberRes
CyberRes is a leading provider of security and compliance solutions for the modern enterprise that wants to mitigate risk in their hybrid environment and defend against advanced threats. Based on market-leading products from CyberRes Data Security, ArcSight, and Fortify, the CyberRes Security Intelligence Platform uniquely delivers the advanced correlation and analytics, application protection, and data security to protect today’s hybrid IT infrastructure from sophisticated cyber threats.

Learn more at [Link]/en-us/cyberres/application-security/webinspect

760-000017-004 | M | 05/22 | © 2022 Micro Focus or one of its affiliates. Micro Focus and the Micro Focus logo, among others,
are trademarks or registered trademarks of Micro Focus or its subsidiaries or affiliated companies in the United Kingdom, United States
and other countries. All other marks are the property of their respective owners.