Educause Security Discussion mailing list archives

Re: HP's WebInspect

From: "Bradley, Stephen W. Mr." <bradlesw () MUOHIO EDU>
Date: Fri, 7 Aug 2009 13:12:26 -0400

Amazingly enough within ten minutes of posting this message I got a call from HP.

They said that their latest version of WI has a serious out of memory problem in addition to our problem and that they 
are trying to get it fixed and released to the users.

We will see.

________________________________
From: Morrow Long [mailto:morrow.long () yale edu]
Sent: Friday, August 07, 2009 1:08 PM
To: The EDUCAUSE Security Constituent Group Listserv
Subject: Re: [SECURITY] HP's WebInspect

We purchased it (a single copy) in June and have recently brought it up.

We've had a few problems with the license manager and license key
as well as getting a response from HP (who only recently acquired the
product from SPI Dynamics).

I'll forward your message on to our staff member working on HP WebInspect.

- Morrow


On Aug 7, 2009, at 11:35 AM, Bradley, Stephen W. Mr. wrote:


Has anyone else had problems with HP's WebInspect lately or for that matter their customer support in general?

We have had WI for several years now and have a paid up maintenance contract and are receiving little to no response on 
a problem that cropped up after an update almost 7 weeks ago.

The problem is with the reporting function in version 8.0.625.1.  We can run the scans but if you select a report that 
has critical vulnerabilities in it the report generator crashes with invalid characters.  We have been told several 
stories so far about the problem and although they seem to be plausible stories it doesn't look like they are working 
to fix any of them.

The front runner in causes is that they hash the IP address in the scan data and that some of the hashes produce 
characters that cause the report generation of the software to crash.  Sounds good and they can duplicate the problem 
at will and they have other sites with the same problem so how hard can it be to fix it.

At this point we have what amounts to a very expensive piece of software that produces no useful information

Thanks
steve

Stephen W. Bradley SSCP GCIH GCFA CISSP
Network Security Specialist
Miami University
Security Engineering
Business & Infrastructure Services
513-529-8129
bradlesw () muohio edu<mailto:bradlesw () muohio edu>

Current thread:

HP's WebInspect Bradley, Stephen W. Mr. (Aug 07)
- <Possible follow-ups>
- Re: HP's WebInspect Dave Kovarik (Aug 07)
- Re: HP's WebInspect Morrow Long (Aug 07)
- Re: HP's WebInspect Bradley, Stephen W. Mr. (Aug 07)
- Re: HP's WebInspect Dave Ferguson (Aug 10)
- Re: HP's WebInspect Dean De Beer (Aug 11)