Forum Discussion
kjlynn_118532
Nimbostratus
NimbostratusImporting WebInspect vulnerabilities into ASM
The literature indicates that 11.4 can import vulnerability definitions from WebInspect, but I've been unable to find any details about how that works. Can someone please point me at instructions for...
kjlynn_118532Nimbostratus
NimbostratusYeah, that article describes how to import the vulns into ASM, but it doesn't describe how to export them from WebInspect. --The standard "export" options in WI do not seem to produce anything readable by ASM.
HansE_165416WebInspect (currently 10.20) offers several XML outputs, so I am assuming that the F5 import tool is only expecting one of those. The F5 manual many need a listing of the acceptable, or expected schema, exports from the various vendor scanners. For example, WebInspect 10.xx "recently" added an Export to WAF option. This new XML output is different from the classic "Full" export that WebInspect has had for a decade. I suspect it is the Full export that your import function is expecting, which could explain the error you had in importing. WebInspect Option 1: File menu > Export > Scan Details > "Full" WebInspect Option 2: File menu > Export > "Protection Rules to Web Application Firewall" You might also find answers on the HP WebInspect public user forums here: http://h30499.www3.hp.com/t5/HP-Application-Security-Center/ct-p/sws-sc01 Here is a guide: http://h30499.www3.hp.com/t5/Fortify-Application-Security/HP-WebInspect-and-F5-Integration/ba-p/6413212.U9pFv2OTFVI Starting in 2014, there is also a private, customer-only set of WebInspect forums here: https://protect724.arcsight.com/