WebInspect 7.7 coming soon, so what's new? Great question!
What better way to let our customers know that HP is 100% committed to improving and delivering new functionality in WebInspect than to bring everyone a new release? This is our second WebInspect product update since getting acquired, and there are a lot of things in this release that I think are going to make everyone very happy.
What's New
- Re-branding to HP
WebInspect has been re-branded to show that it is now a part of the HP Software family. I had the task to pick from all sorts of images to find the one for the splash screen. I'm not sure I found the right one, so I plan on changing it in the next release. I'd like to give the WebInspect community the opportunity to suggest what we put in there next release, so drop me a comment with your ideas.
- New Reports
A new False Positive report provides a list of the vulnerabilities that are currently marked as false positive. See “Improved False Positive Handling” below for more information.
- Compliance Updates
Two new compliance templates will generate compliance reports based on OMB and OWASP Top 10 2007 requirements. The OMB template addresses major application security sections that were defined in December 2004 by the Office of Management and Budget (OMB) for Federal agency public websites. While the previous OWASP Top 10 list included a mix of vulnerabilities and attacks, the OWASP Top 10 2007 list focuses on vulnerabilities.
- False Positive View
WebInspect now has a False Positive view that allows you to see the vulnerabilities and sessions that are currently marked as false positive. From the False Positive view, you can select a session or a vulnerability that you have determined is not a false positive and mark it as a vulnerability again. See “Improved False Positive Handling” below for more information.
- Vulnerability Filtering
You can now filter vulnerabilities to prevent multiple parameters for the same session or multiple values sent for the same parameter from appearing multiple times in the site tree and reports. Vulnerability filtering consolidates the related vulnerabilities into a single vulnerability. The Vulnerability Filter is disabled by default, but can be configured on the Settings window under Audit Settings.
- Enhanced Web Services Scans
WebInspect now supports the use of log-in scripts and a means of specifying parameter values for web services scans.
What’s Improved
- Improved IPv6 Scanning
WebInspect now has improved recognition of IPv6 literal URLs and improved scanning of IPv6 sites. You can type an IPv6 literal URL into the scan wizard and WebInspect will validate the entry, parse the URL, and recognize IPv6 literal addresses in links on web pages. Additionally, Web Discovery handles IPv6 endpoints and range enumeration.
- Improved SOAP Assessment
WebInspect can now assess web sites that use SOAP Version 1.2 to transmit SOAP messages. SOAP Editor modifications have been made to collect SOAP message values for WSDL scans. Additionally, several known issues involving the SOAP Editor and SOAP assessments have been resolved to generally improve overall SOAP assessments.
- Improved Status Communication to AMP
The WebInspect sensor now sends regular status updates to AMP. The updates are displayed as "Scanning X of Y; Duration:00:00:00:0000; Errors:0" in the Devices → Sensors view on the AMP Console.
- Improved False Positive Handling
In the Vulnerabilities tab, you can select a session or a vulnerability that you believe to be a false positive and send an immediate notification to HP support. If a vulnerability is selected, a list of all URLs that are vulnerable appears in the Mark as False Positive window. You can select all URLs or individual URLs to mark as false positive. You can also type a comment to send to HP support along with your false positive notification. I want to stress how cool this feature is because we have built a portal here at SPI/HP that we log into and can review this stuff. The reports you are sending us are being read by our SPI labs team to help guide the improvements and check changes they make on a daily basis.
- Improved Support Channel Communication
After submitting a false positive notification to HP support, you will receive a pop-up message from SPI Monitor that includes a tracking number for the notification being sent.
That's it! We hope you enjoy it when it's released. Look for it on SmartUpdate on the usual download locations sometime next week.
Posted 10-05-2007 8:58 AM by erik.peterson