Fortify WebInspect is a prominent dynamic application security testing (DAST) solution in the pentester community.
This automated tool identifies security vulnerabilities by simulating real-world external attacks against running applications.
Core Functionality
The platform provides comprehensive vulnerability detection through automated dynamic testing that identifies problems and prioritizes them for analysis.
Modern Framework Support
WebInspect crawls contemporary web technologies including HTML5, JSON, AJAX, and JavaScript.
It specifically detects Single Page Applications (SPAs) built with:
- Angular
- AngularJS
- React
- GWT
- Vue
- Dojo
- Backbone
Primary Features
Functional Application Security Testing (FAST)
Unlike IAST, with its limitations, FAST integrates functional testing and then continues to crawl the application, ensuring broader coverage even when the functional tests miss vulnerabilities.
Advanced Scanning Capabilities
- Hacker-level insights revealing client-side frameworks and version numbers
- Enterprise risk monitoring with trend analysis
- Flexible deployment options (on-premise, SaaS, or managed services)
- Pre-configured compliance policies for PCI DSS, DISA STIG, NIST 800-53, ISO 27K, OWASP, and HIPAA
Performance Optimization
Horizontal scaling via Kubernetes containerization enables parallel JavaScript processing, significantly reducing scan duration.
Developer Integration
Developers receive line-of-code details and return stack trace information, facilitating faster remediation.
Note: Now under OpenText. Ownership: HP → Micro Focus → OpenText.
