We are pleased to announce the general availability of HP WebInspect 10.0. With four out of the six most reported vulnerabilities from 2000-2012 exploitable via the web, it is clear that web applications remain a substantial target for malicious attackers. HP WebInspect 10.0 offers features designed to help both professional pen testers and novice security testers better secure their web applications and prevent the damages a successful cyber-attack can bring. This new version simplifies the vulnerability discovery process and enables organizations to expand security testing to non-security personnel as well as to make security specialists more efficient.
The following summarizes the highlights in this release, with more in-depth information available in the documentation referenced below.
Easier to get meaningful results— HP WebInspect 10.0 makes it easier to get high-quality and meaningful results by interactively guiding the user to an optimized security test configuration, no matter how complex the underlying application. Testers do not have to understand the nuances of the code they are testing.
Provides comprehensive technology support — Expert research on the latest threats and improved support for modern Web 2.0 application technologies combine to provide more confident and accurate coverage of any application.
Enables broader adoption — HP WebInspect 10.0 brings sophisticated penetration testing technology to experienced and novice security testers alike, enabling broader adoption of security testing and pushing pen testing deeper into the Secure Development Life Cycle (SDLC).
Web Application Firewall/IPS Integration — HP WebInspect 10.0 improves its integration with leading Web Application Firewalls and Intrusion Prevention Systems from F5, Imperva and HP TippingPoint to streamline application-layer protections against vulnerabilities found in production or in third-party applications. The application security testing results obtained by WebInspect is used to filter and protect the application without affecting its availability to users.
Enhancements to WebInspect Real-Time — HP WebInspect Real-Time combines the dynamic security testing capabilities of HP WebInspect and the runtime analysis capabilities of the HP SecurityScope agent to provide enhanced application coverage, confirmation of vulnerabilities, and line-of-code details to accelerate remediation of vulnerabilities. Enhancements to the automatic crawling capabilities of WebInspect 10.0 has served to greatly improve WebInspect Real-Time results.
How to Access Downloads for Customers:
HP WebInspect 10.0 is now available for download to customers on the HP Software Updates portal. Access to the system requires an HP Passport account and knowing the customer’s HP Support Agreement ID (SAID).
Select My Updates.
Enter your HP Passport user id and password.
Enter your SAID if one is not already attached to your Passport account.
Click the View available products button.
HP Fortify products are listed under the Application Security Center category.
Please continue to use support.fortify.com to access your fortify.license file (used with non-WebInspect Fortify products), creating HP Fortify support tickets and accessing the knowledge base. You will be required to input the SAID number associated with your account. If you do not know your SAID number or if you have any questions, please direct them through the support portal (support.fortify.com) or email to FortifyTechSupport@hp.com.
How to Access Downloads for Evaluations:
HP WebInspect 10.0 is also now available for Trial download to clients on the public product page. To have your Trial license capabilities expanded, please use the details provided in the received Activation Token e-mail to contact HP Fortify Sales.