Getting A Lot of HTTP 302 Error Codes When Crawling an Application
I am working to set up a test of a new application in my department and am getting a series of HTTP 302 error codes("Moved Temporarily") when WebInspect is crawling through the application. I am new to WebInspect and wanted to see if anyone has run into this before. I have been working to adjust test parameters to be able to crawl the site. The pages which are hit and resulting in the 302 error codes are valid pages.
Re: Getting A Lot of HTTP 302 Error Codes When Crawling an Application
WebInspect will record the initial HTTP Response, i.e. the 302 page. Any links discovered will (at some time later) be Crawled. The difficulty for your application is that it seems your Site Tree will have almost double the number of branches. And every branch listed must be individually fuzzed and Audited.
If the 302 was to a generic place-holder page, meaning the page really does not exist, you might find it useful to add the 302 page as a Custom File Not Found signature within the scan settings. This would cause WebInspect to identify these are 404 pages and limit their build-up in the Site Tree.
However, since these seem to be legitimate pages found elsewhere, you may need to suffer with them for the most thorough scan. If all of these are on the port 80 of the site and merely point to the 443 port version of the site, you might "fix" this by targeting only the 443 port URL in the Starting URL.
-- Habeas Data Micro Focus Fortify Customers-Only Forums – https://community.saas.hpe.com/t5/Fortify/ct-p/fortify