Two-factor Authentication
Two-factor Authentication is a common requirement in enterprises, and it can be a burden for the
security tester, who must either obtain a bypass or scan manually. WebInspect now offers the
ability to automate Two-factor Authentication scans. This is accomplished by installing a
lightweight Android app onto a phone or emulator that can capture SMS and email tokens and pass
them back to the scanner for authentication. Once configured, there is no need for user interaction.
Automatic State Detection
WebInspect now automatically detects and configures state for OAuth, JWT, and Bearer Tokens
during a scan.
Engine 6.1 Updates
Fortify continues to enhance its engines to improve scan coverage and performance. WebInspect
21.2.0 provides a faster crawl and audit, and better application support from the Web Macro
Recorder with Macro Engine 6.1.
Improved DOM XSS Detection
WebInspect 21.2.0 has new DOM XSS detection capabilities for analyzing client-side code for XSS.
This improves XSS attack performance and adds the ability to detect client-side-only
attacks, such as XSS in DOM fragments.
Web Fuzzer Tool
The Web Fuzzer Tool lets you run fuzzing tests that submit random or sequential data to various
areas of an application to uncover security vulnerabilities. For example, when searching for buffer
overflows, a tester can generate data of various sizes and send it to one of the application entry
points to observe how the application handles it.
Micro Focus Fortify WebInspect Enterprise
The following features have been added to the Fortify WebInspect sensor used in WebInspect
Enterprise.
Note: WebInspect Enterprise 21.2.0 is scheduled for release in the latter half of December 21.2.0.
API Discovery
With the new API Discovery function in WebInspect, any Swagger or OpenAPI schema detected
during a scan will have its endpoints added to the existing scan and authentication will be applied
to the endpoints with our automatic state detection. In addition, probes will be sent to default
locations of popular API frameworks to discover schemas.
Automatic State Detection
WebInspect now automatically detects and configures state for OAuth, JWT, and Bearer Tokens
during a scan.
Engine 6.1 Updates
Micro Focus Fortify Software (21.2.0)