Using Macros
A macro is a recording of the events that occur when you access and log in to a website. You can subsequently instruct Fortify WebInspect to begin a scan using this recording. You can use either the Session-based Web Macro Recorder tool or the Web Macro Recorder with Macro Engine 7.1 tool to record login macros, or you can create them in the Basic Scan or Guided Scan wizards. Macros that are created in a Basic Scan or a Guided Scan can be used in either type of scan.
There are two types of macros:
- A login macro is a recording of the events that occur when you access and log in to a website using a Web Macro Recorder tool. You can subsequently instruct Fortify WebInspect to begin a scan using this recording.
  If Enable macro validation is selected in Scan Settings: Authentication for scans that use a login macro, Fortify WebInspect tests the login macro at the start of the scan to ensure that the login is successful. If the macro is invalid and fails to log in to the application, the scan stops and an error message is written in the scan log file. For more information and troubleshooting tips, see Testing Login Macros.
- A workflow macro is a recording of HTTP events that occur as you navigate through a website using a Web Macro Recorder tool. Fortify WebInspect audits only those URLs included in the macro that you previously recorded and does not follow any hyperlinks encountered during the audit. Supported macros are .webmacro files, Burp Proxy captures, and .har files.
Any activity you record in a macro will override the scan settings. For example, if you specify a URL in the Excluded URL setting, and then you actually navigate to that URL when creating a macro, Fortify WebInspect will ignore the exclusion when it crawls and audits the site.
Note: When you play a macro, Fortify WebInspect will not send any cookie headers that may have been incorporated in the recorded macro. Macros that were recorded in a Basic Scan or a Guided Scan can be used in either type of scan.
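Because recorded activity overrides the Excluded URL setting and recorded cookie headers are not replayed, it can help to review a .har workflow recording before handing it to the scanner. The following is an added example, not Fortify code: the exclusion list, the case-insensitive substring matching rule, and the sample capture are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample HAR 1.2 capture (not taken from a real site).
SAMPLE_HAR = json.dumps({"log": {"version": "1.2", "entries": [
    {"request": {"method": "GET", "url": "https://app.example.test/account",
                 "headers": [{"name": "Cookie", "value": "sid=abc"}]}},
    {"request": {"method": "POST",
                 "url": "https://app.example.test/admin/delete-user?id=7",
                 "headers": []}},
    {"request": {"method": "GET", "url": "https://app.example.test/Logout",
                 "headers": [{"name": "cookie", "value": "sid=abc"}]}},
]}})

# Hypothetical exclusion list. Matching as a case-insensitive substring of
# path + query is an assumption, not WebInspect's documented matching rule.
EXCLUDED = ["/logout", "/admin/delete"]


def review_har(har_text, excluded):
    """Return (excluded_hits, cookie_urls) for a HAR workflow recording."""
    entries = json.loads(har_text).get("log", {}).get("entries", [])
    hits, cookie_urls = [], []
    for entry in entries:
        req = entry.get("request", {})
        url = req.get("url", "")
        parts = urlsplit(url)
        target = (parts.path + ("?" + parts.query if parts.query else "")).lower()
        # A recorded request to an excluded URL would still be audited.
        for pattern in excluded:
            if pattern.lower() in target:
                hits.append((req.get("method", "?"), url, pattern))
                break
        # Recorded Cookie headers are not sent on playback, so flag them.
        headers = req.get("headers", [])
        if any(h.get("name", "").lower() == "cookie" for h in headers):
            cookie_urls.append(url)
    return hits, cookie_urls


if __name__ == "__main__":
    found, with_cookies = review_har(SAMPLE_HAR, EXCLUDED)
    for method, url, pattern in found:
        print(f"EXCLUDED-BUT-RECORDED {method} {url} (matches {pattern!r})")
    for url in with_cookies:
        print(f"RECORDED-COOKIE {url}")
```

Any request reported as EXCLUDED-BUT-RECORDED should be removed from the recording, or the macro re-recorded without visiting that URL, before the scan is started.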