Micro Focus

Fortify WebInspect Enterprise

Software Version: 21.1.0 Windows® operating systems


Installation and Implementation Guide


Document Release Date: July 2021 Software Release Date: July 2021



Legal Notices

Micro Focus The Lawn

22-30 Old Bath Road Newbury, Berkshire RG14 1QN UK

https://www.microfocus.com


Warranty

The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.


Restricted Rights Legend

Confidential computer software. Except as specifically indicated otherwise, a valid license from Micro Focus is required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.


Copyright Notice

© Copyright 2009-2021 Micro Focus or one of its affiliates


Trademark Notices

All trademarks, service marks, product names, and logos included in this document are the property of their respective owners.


Documentation Updates

The title page of this document contains the following identifying information:

This document was produced on May 20, 2021. To check for recent updates or to verify that you are using the most recent edition of a document, go to:

https://www.microfocus.com/support/documentation


Contents


Preface                               

8

Contacting Micro Focus Fortify Customer Support               

8

For More Information                         

8

About the Documentation Set                      

8

Change Log                             

9


Chapter 1: Before You Begin                        

11

FIPS or Non-FIPS Compliance                      

11

Installation and Upgrade Options                     

11

Important Considerations About Decoupling                 

12

System Requirements                         

13

Installation Recommendation                       

13

Installing or Upgrading Fortify Software Security Center (Optional)          

13

About Fortify WebInspect Enterprise SSL Certificate and Fortify Software Security Center

JRE                              


14

Importing Fortify WebInspect Enterprise SSL Certificate           

14

Upgrading from Earlier Versions                      

15

Upgrading from Fortify WebInspect Enterprise 20.2.0             

15

Fortify Software Security Center Upgrade Requirements (Optional)         

16

Preparing to Install Fortify WebInspect Enterprise                

16

Installing IIS, ASP.NET, and .NET Framework                

16

IIS Integrated Mode                         

17

IIS Application Pool Identity                      

17

Installing SQL Server                        

18

Creating a Sensor User                        

18

Ensuring Secure HTTPS Operation                    

18

Using SAN or Wildcard Certificates and Non-Standard Ports in IIS         

18

HTTP Binding Host Name                       

19

Using HTTPS with Guided Scan and Reports                

19

Databases in Availability Groups                     

20

Mirrored Databases                         

20

Related Documents                          

20

All Products                           

20


Micro Focus Fortify Software Security Center                

21

Micro Focus Fortify WebInspect                     

22

Micro Focus Fortify WebInspect Enterprise                 

23


Chapter 2: Installing Fortify WebInspect Enterprise                

25

About the Installation                         

25

Installing the Fortify WebInspect Enterprise Server Software            

26

About the Initialization Wizard                      

27

Activating the License                        

28

Configuring the Database                       

31

Configuring the Web Service                      

33

Setting Up Fortify WebInspect Enterprise Database Users            

34

What's Next?                           

35

Setting Up a Fortify Software Security Center (SSC) Connection          

35

Initializing Fortify WebInspect Enterprise                 

37

Adding Sensor Users                       

39

Completing Initialization                      

40

What's Next?                          

40

Installing or Upgrading a Standalone Fortify WebInspect Enterprise         

41

Initializing Fortify WebInspect Enterprise                 

41

Adding Sensor Users                       

44

Completing Initialization                      

45

What's Next?                          

45

Upgrading and Decoupling Fortify WebInspect Enterprise from Fortify Software Security

Center                             


46

Initializing Fortify WebInspect Enterprise                 

48

Adding Sensor Users                       

51

Completing Initialization                      

52

Important Information about Upgrading WebInspect            

52

What's Next?                          

53

Configuring Services                          

53

Configuring the Scan Uploader Service                  

53

Service Status                          

53

Fortify WebInspect Enterprise Configuration               

54

Dropbox Configuration                      

54

Logging Configuration                       

54

Start the Service                         

55

Configuring the Task Service                      

55


Service Status                          

55

Database Configuration                      

56

Logging Configuration                       

56

Fortify Software Security Center Poll Interval               

57

Start the Service                         

57

Configuring the Scheduler Service                    

57

Service Status                          

57

Fortify WebInspect Enterprise Manager                 

58

Logging Configuration                       

58

Start the Service                         

58

Post Configuration                         

58

Installing the Fortify WebInspect Enterprise Administrative Console          

58

Logging on to the Administrative Console                  

59

Using the Administrative Console                    

60

Post-Installation Configuration                      

60

Installing Fortify WebInspect as a Sensor                  

61

Configuring the Sensor, Testing Credentials, and Starting the Sensor Service    

65

Verifying Sensor Setup                       

67

Adding Sensor Users (if Not Previously Done)                

68

Enabling Sensors and Configuring Sensor Permissions             

68

About Assigning Administrators and Roles                 

69

System Level                          

69

Organization Level                        

70

Group Level                          

70

Moving Application Versions from the Default Group              

71

Configuring Manual Publishing of Scans to Fortify Software Security Center, if Necessary

71

About the WebInspect Enterprise Desktop Application              

72

Time Stamps and Effect of Time Zones on Schedules               

72

About the REST API                          

72

REST API Categories                        

73

Accessing the REST API                       

74

Using the Swagger UI                        

75

Getting Field-level Details                       

76

Installations Lacking Internet Connection                   

77

Downloading and Installing a CRL                    

78


Chapter 3: Troubleshooting the Installation                   

79


About Fortify WebInspect Enterprise Manager Logging              

79

Changing Fortify WebInspect Enterprise Initializer Log Debug Settings       

79

Changing Fortify WebInspect Enterprise Manager Log Debug Settings       

80

Changing Fortify WebInspect Enterprise Scheduler Service Log Debug Settings    

80

Changing Fortify WebInspect Enterprise Task Service Log Debug Settings      

81

Troubleshooting and IIS                        

82

IIS Settings and File Permissions Used by Fortify WebInspect Enterprise       

82

IIS Admin Service Must be Running                    

83

Restarting IIS Quick Commands                     

83

SQL Login                             

83

Account Rights and Privileges                      

83


Chapter 4: Implementing Fortify WebInspect Enterprise               

85

Fortify WebInspect Enterprise Components                  

86

Component Descriptions                       

86

Fortify WebInspect Enterprise Manager Account Requirements           

87

System Account Requirements                     

88

Sensor Requirement                         

88

Fortify WebInspect Enterprise System Administrator              

88

SQL Database Account Requirements                   

89

Fortify WebInspect Enterprise Manager License Components            

89

Customizing Data Path and Scan Publication Settings              

89

Changing the Storage Folders Location                  

89

Disabling Automatic Publishing of Scans to Fortify Software Security Center      

90

Enabling Fortify Software Security Center to Automatically Mark Vulnerabilities as Fixed  

90

Changing Logging Locations                      

91

Encrypting the Communication Between Fortify WebInspect Enterprise and SQL Server   

91

Enabling Fortify WebInspect Enterprise to Use SSL              

92

Editing the Encrypted SQL Connection String Section of web.config       

92

Encrypt Connection String in the TaskService.exe.config File          

93

Fortify WebInspect Sensor Remote SQL Server Standard Edition Connectivity      

93

Using Windows Authentication                     

94

Fortify WebInspect Sensor Logging                     

94

Fortify WebInspect Sensor Scan Logs                   

94

Fortify WebInspect Sensor Directory Path Customization             

94

Modifying the SharedSettings.config File                  

95


Retaining Copies of Scan Data on the Fortify WebInspect Sensor

            95

About Database Size and Growth Settings                  

96

General Database Settings for Fortify WebInspect Enterprise            

96

Database Maintenance for Fortify WebInspect Enterprise             

96

Check Database Integrity Task                     

98

Database Fragmentation Maintenance                  

98

Reorganize Index Task                        

99

Rebuild Index Task                         

100

Update Statistics Task                        

101


Send Documentation Feedback                       

102


Preface

Contacting Micro Focus Fortify Customer Support

Visit the Support website to: