I think one of the differences between an HP WebInspect scan and an HP Fortify Audit Workbench scan is that the former is done against a web site and the latter crawls code fed to it.
The WebInspect way is one of penetration testing. You try to break in from the outside and see if you can get the app to redirect to stupid places, expose stupid error messages, etc.