An update for WebInspect is now available via SmartUpdate. The update includes some great changes, which are detailed below. Enjoy!
Improvements to the Regular Expression Editor
Optimized some functions for improved performance (language syntax application, syntax evaluation triggering points, etc.).
Disabled match tree updates on match fill. Refactored the control that contains the text to test and disabled painting while highlighting. Improved the test for validity of request/response templates.
Enhancements to the Cross-Site Scripting (XSS) Engine
Improved detection of Cross-Site Scripting vulnerabilities and improved consistency in stored Cross-Site Scripting detection. Improved accuracy of Cross-Site Scripting against Domino HTTP headers, as well as when filters are used to remove "alert" from the query string, in Header Injection, and in chain drop-down sites.
Significant SQL Injection Engine Improvements
Improved "diffing" technology for blind SQL Injection. Implemented data extraction for proving confirmed SQL Injection. Improved vulnerability categorization, and created a new check that is flagged when SQL Injection is confirmed but data extraction is not possible because of a limitation, such as an unsupported database or a database version that does not support data extraction.
Enhancements to the JavaScript Parser
Fixed a recurring error when parsing script out-of-process and enhanced the detection of forms in JavaScript so that more forms are found.
Improved Results for Web Brute
Integrated DiffEngine changes into Web Brute for improved results.
Stability Enhancements
Significant work was put towards closing a large number of outstanding issues. See the release notes for more details.
Miscellaneous Improvements
Additional enhancements include better handling of Proxy PAC files, Firefox Proxy support, and improved Oracle application support. Additionally, the "Manage Existing Scans" dialog now remembers its window size and position.
For additional details and a full list of issues resolved, check out the release notes.
- Joe
Posted 06-12-2008 11:00 AM by joe.yeager