Server Profiler
Use the Server Profiler to conduct a preliminary examination of a Web site to determine if certain Fortify WebInspect settings should be modified. If changes appear to be required, the Profiler returns a list of suggestions, which you may accept or reject.
For example, the Server Profiler may detect that authorization is required to enter the site, but you have not specified a valid user name and password. Rather than proceed with a scan that would return significantly diminished results, you could follow the Server Profiler's prompt to configure the required information before continuing.
Similarly, your settings may specify that Fortify WebInspect should not conduct "file-not-found" detection. This detection is useful for Web sites that do not return a status "404 Not Found" when a client requests a resource that does not exist (they may instead return a status "200 OK" with a response body stating that the file cannot be found). If the Profiler determines that the target site behaves this way, it suggests that you modify the Fortify WebInspect setting to accommodate it.
The Server Profiler can be selected during a Guided Scan, or enabled in the Application settings. For specific information, see Application Settings: Server Profiler.
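The file-not-found behavior described above can be illustrated with a short Python sketch. It is an added example, not Fortify WebInspect's own detection logic: the function names, the 0.9 similarity threshold, and the sample responses are all assumptions constructed for illustration.

```python
import difflib
import re

def normalize(body, path):
    """Remove per-request noise (echoed path, counters) so error pages compare equal."""
    body = re.sub(r"\d+", "", body.replace(path, ""))
    return re.sub(r"\s+", " ", body).strip().lower()

def build_baseline(probes):
    """probes: (path, status, body) tuples for random paths that cannot exist.
    Returns None if the server always answers 404, otherwise the normalized
    bodies of its custom "not found" pages."""
    if all(status == 404 for _, status, _ in probes):
        return None
    return [normalize(body, path) for path, status, body in probes if status != 404]

def is_not_found(path, status, body, baseline, threshold=0.9):
    """Classify one response using the status code and, if needed, the baseline."""
    if status == 404:
        return True
    if baseline is None:
        return False  # honest server: any non-404 answer is a real resource
    page = normalize(body, path)
    return any(
        difflib.SequenceMatcher(None, page, ref, autojunk=False).ratio() >= threshold
        for ref in baseline
    )

# Constructed sample responses (not captured from a real site).
TEMPLATE = "<html><body><h1>Sorry</h1><p>The file {} cannot be found. Ref {}</p></body></html>"
PROBES = [(p, 200, TEMPLATE.format(p, n))
          for p, n in [("/zq81kd7.html", 48213), ("/p0x44mw.html", 99102)]]
HOME = "<html><body><h1>Welcome</h1><p>Products, pricing and support for our storefront.</p></body></html>"

if __name__ == "__main__":
    baseline = build_baseline(PROBES)
    print("file-not-found detection needed:", baseline is not None)
    samples = [("/admin/backup.zip", TEMPLATE.format("/admin/backup.zip", 17)),
               ("/index.html", HOME)]
    for path, body in samples:
        verdict = "not found" if is_not_found(path, 200, body, baseline) else "exists"
        print(path, "->", verdict)
```

Without the baseline, a scanner would treat every "200 OK" error page as a real resource and report files that do not exist.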
Using the Server Profiler
You can use either of two methods to invoke the Server Profiler:
Follow these steps to launch the Server Profiler:
- Click the Fortify WebInspect Tools menu and select Server Profiler.
- In the URL box, enter or select a URL or IP address.
- (Optional) If necessary, modify the Sample Size. Large Web sites may require more than the default number of sessions to sufficiently analyze the requirements.
- Click Analyze.
  The Profiler returns a list of suggestions (or a statement that no modifications are necessary).
- To reject a suggestion, clear its associated check box.
- For suggestions that require user input, provide the requested information.
- (Optional) To save the modified settings to a file:
  - Click Save Settings.
  - Using a standard file-selection window, save the settings to a file in your Settings directory.
Follow these steps to launch the profiler when beginning a scan:
- Start a scan using one of the following methods:
  - On the Fortify WebInspect Start Page, click Start a Basic Scan.
  - Click File > New > Basic Scan.
  - Click the drop-down arrow on the New icon (on the toolbar) and select Basic Scan.
  - On the Fortify WebInspect Start Page, click Manage Scheduled Scans, click Add, and then select Basic Scan.
- On step 4 of the Scan Wizard (Detailed Scan Configuration), click Profile (unless Run Profiler Automatically is selected).
  The Profiler returns a list of suggestions (or a statement that no modifications are necessary).
- To reject a suggestion, clear its associated check box.
- For suggestions that require user input, provide the requested information.
- Click Next.