T he depth in which websites and web services are assessed by WebInspect and its clarity of vulnerability descriptions and suggested fixes is impressive. This is a great tool for those responsible for enterprise-level websites and web services.

WebInspect manages to be powerful and useful while remaining intuitive and easy to use. This is important as busy administrators want things up and running fast, but also want custom configuration as they become more experienced.

Users will benefit from the built-in policy templates and powerful scanning while they learn how to best shape the tool to their own requirements. It starts with the Scan Wizard, which allows you to choose between a web assessment (as in website URL), enterprise assessment (via a range of IP addresses), or web service assessment (via assessment of the WSDL file).

Next you may choose a comprehensive scan to map out a sites tree structure for later analysis or a step mode approach which follows you as you manually navigate the site.

An intuitive GUI shows vulnerabilities as they are discovered (in summary terms). It also provides an in-depth appraisal of each instance via the Information Pane, where there is a detailed description of the vulnerability in question with a recommended fix. The depth of this information varies according to the vulnerability found but it is often extensive. You can view the http request and response, details of methods used, and more.

The database of vulnerabilities is kept current via the Smart Update feature, and there is a Policy Manager where policies may be edited or created from scratch and agents can be created. You can also intuitively create virtually any report you can think of with a few mouse clicks. The reports are attractively formatted and easy to read.

WebInspect is well considered. Everything is where you expect it to be and everything works.

Product title
Product info
Name: WebInspect (Penetration and Vulnerability Testing group test) Description: Price: Developer versions from $795 per seat, other versions from $4,000
Ease of use, depth of scanning.
Very little.
A powerful tool for evaluating websites and web-based applications and services.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.