Re: HP's WebInspect

[Dave Ferguson <gmdavef () GMAIL COM>]

Stephen,

Very recently I ran into the same error you did in the WI report generator.
I noticed the error occurred only for the "Vulnerability (Classic)" report.
So for the critical findings, I ran the "Vulnerability Summary" report
instead.  The report is not as good, but at least its a workaround.  I
didn't have time or patience to deal with HP so I never actually reported
the problem.

Dave F.

On Fri, Aug 7, 2009 at 12:12 PM, Bradley, Stephen W. Mr. <
bradlesw () muohio edu> wrote:

>  Amazingly enough within ten minutes of posting this message I got a call
> from HP.
>
>
>
> They said that their latest version of WI has a serious out of memory
> problem in addition to our problem and that they are trying to get it fixed
> and released to the users.
>
>
>
> We will see.
>
>
>  ------------------------------
>
> *From:* Morrow Long [mailto:morrow.long () yale edu]
> *Sent:* Friday, August 07, 2009 1:08 PM
> *To:* The EDUCAUSE Security Constituent Group Listserv
> *Subject:* Re: [SECURITY] HP's WebInspect
>
>
>
> We purchased it (a single copy) in June and have recently brought it up.
>
>
>
> We've had a few problems with the license manager and license key
>
> as well as getting a response from HP (who only recently acquired the
>
> product from SPI Dynamics).
>
>
>
> I'll forward your message on to our staff member working on HP WebInspect.
>
>
>
> - Morrow
>
>
>
>
>
> On Aug 7, 2009, at 11:35 AM, Bradley, Stephen W. Mr. wrote:
>
>
>
>    Has anyone else had problems with HP’s WebInspect lately or for that
> matter their customer support in general?
>
>
>
> We have had WI for several years now and have a paid up maintenance
> contract and are receiving little to no response on a problem that cropped
> up after an update almost 7 weeks ago.
>
>
>
> The problem is with the reporting function in version 8.0.625.1.  We can
> run the scans but if you select a report that has critical vulnerabilities
> in it the report generator crashes with invalid characters.  We have been
> told several stories so far about the problem and although they seem to be
> plausible stories it doesn’t look like they are working to fix any of them.
>
>
>
> The front runner in causes is that they hash the IP address in the scan
> data and that some of the hashes produce characters that cause the report
> generation of the software to crash.  Sounds good and they can duplicate the
> problem at will and they have other sites with the same problem so how hard
> can it be to fix it.
>
>
>
> At this point we have what amounts to a very expensive piece of software
> that produces no useful information
>
>
>
> Thanks
>
> steve
>
>
>
> Stephen W. Bradley SSCP GCIH GCFA CISSP
>
> Network Security Specialist
>
> Miami University
>
> Security Engineering
>
> Business & Infrastructure Services
>
> 513-529-8129
>
> bradlesw () muohio edu