Re: Does Webinspect Supports Testing Post Back Frameworks Like JSF/ADF
I am unsure of the full coverage, but WebInspect already includes a scan settings template for ADF Server Faces, visible in the scan wizard. This drops in customized settings our developers have identified for that sort of environment.
HP WebInspect 10.0 responds to this challenge by introducing Adaptive Component Recognition (ACR). Instead of indiscriminately "clicking" hyperlinks and blindly processing interactable elements, ACR technology recognizes structural patterns in a web application to organize it into logical units. For example, instead of simply analyzing a page for hyperlinks, span, and div tags with associated script events, these elements together can be recognized as grid controls and list controls. Furthermore, they can be recognized as controls for specific frameworks like jQuery and extJS, enabling a better understanding of the application and ultimately resulting in the most comprehensive application security analysis of your applications.
Enhancements for specific frameworks and components include JQuery (multiple versions), Ext-JS, ARIA, and DOJO. The ACR capabilities include detection of frameworks and are automatically performed as part of using WebInspect; no additional configuration is needed.ACR more accurately processes the content of web applications and finds more locations that are potentially vulnerable to attack. Note that performing more attacks can result in scans taking longer to run.
-- Habeas Data Micro Focus Fortify Customers-Only Forums – https://community.saas.hpe.com/t5/Fortify/ct-p/fortify