WebInspect 6.0
Web Application Security Center News Blog
It's out, we've done it. 6.0 is now available for you to download. The official news won't hit the wire until Monday but you can start downloading it now from https://download.spidynamics.com/products/webinspect/webinspectsetup.exe
I'm particularly happy with this release because build 42 was the one that passed the final QA, and well that's just good luck.
So, what's new in 6.0? The most significant new functionality surrounds our new Intelligent Engine technology. Intelligent engines are engines that, instead of just blindly sending checks or generically manipulating inputs, actually probe the site to determine what's possible and then dynamically craft attacks on the fly. This means we don't have to constantly update and grow our check database for things like XSS attacks; instead we've trained WebInspect to think like a pen tester and build its own checks as needed.
The result? Internal tests show that our new XSS Intelligent Engine, for example, runs about 1500% faster than the previous checks-based approach. No, that 1500% is not a typo! Because we are also learning as we probe the site, we also build a much more accurate map of what's possible for the site. This means we generally know what attacks are going to work before we send them, which means accuracy reaches levels previously not thought possible. No one is going to believe this, and actually I don't believe this, but the darn thing has yet to generate any false positives inside our test lab. I'm sure some site will find a way to stump it sooner or later, but so far it's pretty amazing.
Intelligent Engines represent the future for web application testing. It's just not acceptable anymore to throw garbage at the site and see what sticks. Scanners need to get smarter and find issues more efficiently. It's not just about finding issues, but how many requests did it take to find that issue, how noisy were you in doing it, and what damage or leftovers did you leave behind?
For those who want to wait for SmartUpdate, we will be updating the SmartUpdate servers on Monday for all customers but I recommend you beat the rush and download now.
Posted 06-24-2006 12:16 AM by erik.peterson