Using WebInspect 9.10 to scan a web service

Acclaimed Contributor

Using WebInspect 9.10 to scan a web service

Has anyone successfully completed a scan of a web service end point using WebInspect v9.10? If so, please post how this was done. Thanks.

Regular Collector

Re: Using WebInspect 9.10 to scan a web service



Here's how you configure a WS scan:


Click start a web service scan on WebInspect start page.

1) Enter a name for the scan in the Scan Name box.

Click the radio button for Configure a Web Service Scan - Enter or select the full path and name of a Web Service Definition Language (WSDL) file, or click to open a standard file-selection dialog and choose a WSDL file. You will import the WSDL file and later launch the Web Service Test Designer to configure a file containing values for each operation in the service.

Click Next.

2) Enter any credentials necessary for authentication or connectivity like credentials or proxy information.

Click Next.

3) Click the Design button to open the Web Service Test Designer. You can create a new Designer file or edit a web service design (WSD) file containing values that should be submitted to the WSDL file during the scan.

Click Next.

4) Click Scan to start it.


You can click the settings button in the lower left corner at any time while in the wizard to edit any settings that weren't displayed in the wizard.


This is a basic walkthrough on how to start a Web Service scan however if you want a more detailed walkthrough then I suggest reading through the help file regarding the Designer or contact the support group and they can walk you through the entire process.


Thanks and good luck,


HP Application Security
Acclaimed Contributor

Re: Using WebInspect 9.30 to scan a web service

Receiving the following error when scanning WSDL file: "This appears to be a WSDL 2.0 file which is not supported"


Currently using WebInspect Version


Questions are:


1) When will be WSDL 2.0 supported and is there a list of supported Web Service file types?


2) How is Web Inspect determing the WSDL format?  Is there a way to make file changes to allow the WSDL 2.0 format to be interegated by the current version of Web Inspect.




- RC



Honored Contributor

Re: Using WebInspect 9.30 to scan a web service

2. I believe WSDL are identified by the <definitions> element thus.

WSDL 2.0: xmlns="http://www.w3.org/ns/wsdl"
WSDL 1.2: xmlns="http://schemas.xmlsoap.org/wsdl/"

-- Habeas Data
HPE Fortify Customers-Only Forums – https://community.saas.hpe.com/t5/Fortify/ct-p/fortify
//Add this to "OnDomLoad" event