The community will be in read-only from Tuesday 11:59pm (PST) to Wednesday 7:30am (PST)
The community will be in read-only from Tuesday 11:59pm (PST) to Wednesday 7:30am (PST)
WebInspect
cancel
Showing results for 
Search instead for 
Did you mean: 

Does anyone have a How to for Web Service scan

i2try
Acclaimed Contributor

Does anyone have a How to for Web Service scan

I need to scan some of our web services.  It requires a WSDL file, I have reached out to the developers for this and they have provided it.  After I step thru the wizard it launches the Design window.  I have no idea what to do here. 

 

Any information or training material is appreciated.

 

Thanks, 

4 REPLIES
HansEnders
Honored Contributor

Re: Does anyone have a How to for Web Service scan

There are related postings for this:

 

http://h30499.www3.hp.com/t5/WebInspect/Walk-through-on-how-to-scan-Web-Services-with-WebInspect/m-p/5658909#M1524

 

 

SOAP-based services are scanned via the Web Services Scan wizard.  The Web Service Design tool is used prior to the scan to prepare the SOAP details to help WebInspect understand and Crawl the web service effectively.  It also permits configuration of various certificate-based authentication to the web service, as needed.

 

RESTful are scanned using the standard Web Site Scan wizard.  Import the WADL file to the Custom Parameters scan settings.  If the WADL is missing, you must check the Recommendations pane for post-scan analysis to see if new Custom Parameters has suggestions to edit the Current Scan Settings.  You would accept those, then use the Rescan button (toolbar area) to "rinse-and-repeat".

 

 

The Help Guides (F1 button) in WebInspect and in the Web Service Design tool offer a host of details.

 

The public demo target site also offers a tutorial here:  http://zero.webappsecurity.com/customeraccounts/

 

 


-- Habeas Data
HPE Fortify Customers-Only Forums – https://protect724.hpe.com/community/fortify
Highlighted
k1DBLITZ
Regular Collector

Re: Does anyone have a How to for Web Service scan

If memory serves correctly you can access the wsdl by adding a "?wsdl" (minus the quotes) to the end of the URL.

i2try
Acclaimed Contributor

Re: Does anyone have a How to for Web Service scan

I have tried to run the tutorial but when I load the .wsdl I get and error. Anyone else having that issus?
HansEnders
Honored Contributor

Re: Does anyone have a How to for Web Service scan

You may need to work with Customer Support to get into those details.

http://h30499.www3.hp.com/t5/WebInspect/How-to-contact-HP-ASC-Customer-Support/m-p/2394765#M141

-- Habeas Data
HPE Fortify Customers-Only Forums – https://protect724.hpe.com/community/fortify
//Add this to "OnDomLoad" event