Download now from https://download.spidynamics.com/products/WebInspect/ or use SmartUpdate.
What's New
Pre-scan Profiler – WebInspect's new pre-scan Profiler analyzes the application and offers suggestions for changes to the scan settings to optimize your assessment. The Profiler can evaluate and recommend settings for authentication, proxies, files not found, allowed hosts, and much more.
The Profiler can be launched as a separate tool or configured in the Scan Wizard to automatically launch prior to the start of a scan.
Interactive Logout Notification – During an interactive mode scan, WebInspect notifies you when a logout has occurred and displays a browser view of the page where the logout occurred, allowing you to log in again.
Traffic Monitor – The Traffic Monitor lets you view HTTP traffic in real time during a scan, displaying every request sent and response received by WebInspect during the crawl and audit.
Enterprise Assessment – Enterprise Assessment provides you with a comprehensive overview of your Web presence from an enterprise network perspective. URLs and IP addresses can be entered individually, or WebInspect can discover all available servers within a range of IP addresses and ports that you specify.
Right-click SQL Injector – You can now launch the SQL Injector tool by right-clicking on a vulnerable session and selecting SQL Injector from the Tools menu.
Regex in Allowed Hosts – You can now use regular expressions in the Allowed Hosts list; any host that matches an entered pattern is allowed for crawl and audit.
Launch Interactive Mode from Web Macro Recorder – You can now configure the Web Macro Recorder to launch Interactive Mode as part of a Macro.
Restore Factory Defaults to Application Settings – You can now restore Application Settings to their factory default settings.
Launch SPI Proxy from WebInspect Scan Wizard – You can now launch SPI Proxy from the Configure Network Proxy window in the Web Site Assessment wizard.
Windows Vista Support – WebInspect 7.5 is now fully supported under Windows Vista. (Please note: support for 64-bit systems is still forthcoming.)
What's Improved
AJAX Auditing – AJAX Web applications can create several opportunities for attack if the application is not designed with security in mind. Because AJAX Web applications exist on both the client and the server, they raise the following security issues. They:
Create a larger attack surface with many more inputs to secure
Expose internal functions of the Web application server
Allow a client-side script to access third-party resources with no built-in security mechanisms
Improved AJAX auditing detects common AJAX frameworks that involve the following:
Function calls made in a client-side scripting language, such as JavaScript
Use of XMLHttpRequest objects to make data requests without having to reload the page
Use of JavaScript Object Notation (JSON) format to transfer data between the server and client
Export Ability in Log Viewer – You can now export Audit, Crawl, Scanner, and StateRequestor logs from the Log Viewer tool.
Manage Scans Enhancement – You can now select and delete multiple scans in the Manage Scans window.
Export Scan Details Enhancement – The Export Scan Details window has been redesigned for improved usability.
Posted 07-26-2007 9:55 AM by erik.peterson