Viewing Fortify WebInspect Scan Results in Fortify Software Security Center

Fortify WebInspect saves scan results (results data and audit data) in FPR format, which you can upload to Fortify Software Security Center. (See Uploading Scan Artifacts.) Fortify WebInspect issue details differ somewhat from those shown for issues uncovered by other analyzers, such as Fortify Static Code Analyzer.

In the left pane of the CODE tab, the Overview section displays summary information about the finding and the Implications section. The Additional References section lists any pertinent references available.

The center pane displays the following information:

URL: Website page on which the vulnerability was detected

Method: HTTP method used for the attack (for example GET, PUT, and POST)

Vulnerable Parameter: Name of the vulnerable parameter

Attack Payload: Shellcode used as the payload for exploiting the vulnerability

Below this information, the Request section displays the request made, with the attack highlighted. The Response section displays the response to the request, with the trigger highlighted.

Viewing Additional Details and Recommendations

To view additional details and recommendations for the issue, on the issue toolbar, click one of the following:

• Open in new tab

• Expand to full screen

On the right, the DETAILS section provides suggestions on what to look for in this issue.

To view recommendations and tips on how to address the issue, from the DETAILS list, select Recommendations.

For information about how to use the pane on the right to audit the issue, see Auditing Scan Results.