Browse By Tags

  • Fortify LIM Classic 24.2 installation problem

    Hi, Previously, we are upgrading DAST from version 23.1 to 24.2. We are using LIM on docker on version 23.1 and want to change to LIM classic 24.2. However, we are unable to install the LIM classic. It is harder to troubleshoot as there are no logs…
  • Fortify LIM 23.2 support

    Hi everyone, since the version 24.2 is no longer having LIM on docker in Windows, I am planning to keep my LIM 23.2 on Docker Windows while getting my dast upgraded to 24.2. Is this possible?
  • DAST LDAP Injection Expected Response

    I am getting 2 false positives for LDAP Injection and was hoping to help the scanner out instead of marking them. Does anyone happen to know what the expected response should be so that it isn't triggered. I tried returning 400 when it's syntax is found…
  • DAST Scanner Worker error when starting

    When trying to start the WebInspect DAST Scanner Worker Service, I get the following error in the log: INFO | 2024-10-04 10:30:57.3912 | DAST.ScannerWorkerService.Program | Starting DAST.ScannerWorkerService. Machine Name: CSCSO1FTSENV11, Application…
  • Fortify On Demand Macro Recorder Login Captcha Issue

    Hi Team, I was trying to use Macro recorder for DAST Scan. While I was recording the application which contains captcha, I am facing an issue since the captcha will be dynamically changes the verification and this result in my login issue. How to solve…
  • DAST 23.2 IncompatibleOperatingSystem Kubernetes Install

    I am trying to initialize DAST in a Kubernetes Cluster All my Cluster VMs are Rhel9 Stigged My Kubernetes is Rancher RKE 2 I am using fluxCD to handle pulling my Helm configurations from gitops repositories I have a LIM server on a Windows Server…
  • Top 5 Reasons to Use OpenText Fortify WebInspect for Dynamic Application Security Testing

    Secure your software supply chain and protect the integrity of your code with OpenText Fortify WebInspect, a dynamic application security testing (DAST) tool . Fortify WebInspect is an automated DAST solution that helps security professionals, QA testers…
  • ScanCentral DAST License

    Please, could anyone tell me how to find ScanCentral Dast License at Portal. I don't understand the difference between licenses, they exist under 2 products 1_ Fortify WebInspect 2_ Fortify Static Code Analyzer
  • Fortify DAST API Error: Invalid column name 'Value'.

    Hi All, I have error when starting scan DAST through SSC, following error below I found error on log of DAST API: ERROR | 2024-04-29 14:34:48.6399 | DAST.Web.API.Startup | Unhandled global exception: Microsoft.Data.SqlClient.SqlException (0x80131904…
  • License Unavailable status in SSC > Scancentral DAST scan

    I have 2 VMs, one for DAST Controller components (global service, dast api, lim) and another one for DAST Sensor. I installed the DAST Sensor using the PS script screated during installation of the DAST Controller. After running a scan from SSC, the…
  • ScanCntral DAST Offline Setup using docker

    we are working with Offline ScanCentral DAST server and when trying to run docker command docker load --input scancentral-dast-config.tar we got access denied we are allowing server traffic to all Docker URLs: https://api.segment.io Analytics …
  • DAST fortifydocker/scancentral-dast-api:23.2 Failed

    when trying to enable DAST it stuck and when viewing fortifydocker/scancentral-dast-api:23.2 logs I found that INFO | 2024-03-05 08:07:02.3262 | DAST.Web.API.Program | Starting dotnet. Machine Name: 643D319D19FF, Application Version: 23.2.0.107, Operating…
  • Docker manifest unknown

    When trying to Pull Fortify DAST container I stuck with error docker pull fortifydocker/scancentral-dast-api Using default tag: latest Error response from daemon: manifest for fortifydocker/scancentral-dast-api:latest not found: manifest unknown: manifest…
  • ScanCentral DAST Licenses

    How to get Demo ScanCentral DAST licenses which applied to LIM Server?
  • WebInspect Scan Freeze in the Audit Phase

    Hi All, When I scan the Web Application (Build on modern frontend technology stack -SPA), then i notice that in the audit phase of the scan the scan is freeze, but the scan status is still running and scan duration is also increasing even I didn't…
  • Unknown/Interrupted DAST Scan Status

    Hi Everyone, I have an issue with my Fortify ScanCentral DAST. The scan ran for 1-2 hours than it went to unknown or sometimes interrupted status with no logs can be downloaded from Fortify SSC. I have tried all the suggestion that I can found in this…
  • Scan Duration

    We just moved to SC-DAST from WIE, and I'm trying to update how I pull the metrics for our reporting. One of the items that I have to report on is scan times (basically how much scanner time was devoted to any one specific group, with all of the scans…
  • DAST autoresolve

    We are migrating to SC-DAST from WIE. In WIE, we changed a setting in the web.config file to autoresolve when new scans are uploaded to SSC. Is there a way to do that with SC-DAST? Here’s the info for WIE: Enabling Fortify Software Security Center…
  • DAST scan cannot be performed

    Hi all, I would like to try to scan DAST using URL Zero Web App manually directly in the DAST scancentral on the SSC dashboard, and for Fortify version I am using version 22.2. I have adjusted the scanning configuration settings according to my needs…
  • Invalid file extension when uploading GraphQL file

    Hello everyone, I faced an issue when I wanted to upload GraphQL file in Fortify ScanCentral DAST scan setting. The error is invalid file extension. Has anyone faced the same error like this? If yes, what should I check to resolve this issue? Any…
  • Browser unsupported using TruClient Browser for WebInspect

    Hello, I need to scan this app that does not support Firefox browser (cannot ask the developer to change this because we need to comply with company policy). When I want to setup the login macro, I tried to change the user agent in the TruClient setting…
  • Audit Engine error: session:0307D90DE80197897116E19D55370AFE, CheckID:11581, engine:EUNationalIDDisclosure, error:Input string was not in a correct format.

    We are getting the error stack while running scan. Web Inspect version : 23.1.0 log: Audit Engine error: session:0307D90DE80197897116E19D55370AFE, CheckID:11581, engine:EUNationalIDDisclosure, error:Input string was not in a correct format.
  • Scancentral DAST API Scan getting An error has Occoured. Internal Server error occured

    Scancentral DAST API Scan getting An error has Occoured. Internal Server error occured
  • WebInspect API -- Basic Auth Failing -- ScannerWorkerService

    I am attempting to configure basic auth for the WebInspect API but it is failing (the service won't launch, timeout error). The scanner service launches fine when I select "None" for authentication. I feel like the issue with the appsettings.json file…
  • Fortify DAST scan pause but the scan status shows running

    Hi All, I'm running ScanCentral DAST scan on this app and the scan keep stuck but the scan status show running. I knew the scan was stuck because the number of macro playback and request did not increase since 7 hours ago (yes, I let the scan running…