webinspect 9.20 web macro recording with truclient 2012
Post on 19-Oct-2014
3.455 views
DESCRIPTION
This presentation goes through the steps to configure HP WebInspect 9.20 to make it handle challenge/response authentication schemes.[Please note that this is HP-copyrighted content and we're just hosting it here for convenience. If we need to pull it down just email me: dan _at_ denimgroup dot com.The original HP Security Laboratory blog post presenting the content is here:http://h30499.www3.hp.com/t5/The-HP-Security-Laboratory-Blog/Challenge-Response-Authentication-No-Problem/ba-p/5644803And the original PDF can be downloaded from HP here:http://h30499.www3.hp.com/hpeb/attachments/hpeb/sws-22/589/1/WebInspect%209.20%20Web%20Macro%20Recording%20with%20TruClient%202012.pdf]TRANSCRIPT
![Page 1: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/1.jpg)
©2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice
Technical study to show WebInspect capabilities
Hans Enders, HP Presales
May 1, 2012
DenimGroup Auth Example
Using TruClient in WebInspect 9.2
![Page 2: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/2.jpg)
Background
• This document details how to use the WebInspect 9.20 new TruClient
Web Macro Recorder (WMR) against a simple Challenge-Response
authentication app.
• This document is meant to demonstrate that WebInspect can manage
these scenarios out-of-the-box as well as to show the user many
advanced capabilities it offers to maintain session state.
• Since TruClient records user actions and not simple sessions, it includes
the ability to handle advanced Q&A without needing changes to the
application under test.
![Page 3: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/3.jpg)
Background
• Vendor Challenge:
• http://diniscruz.blogspot.co.uk/2012/04/small-step-for-appsec-large-step-for.html
• Discussion centered around this DenimGroup blog entry:
• http://blog.denimgroup.com/denim_group/2012/04/automated-application-scanning-
handling-complicated-logins-with-appscan-and-burp-suite.html
• The sample app was provided by DenimGroup:
– https://github.com/denimgroup/authexamples
![Page 4: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/4.jpg)
©2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice
Agenda: Overview & Configuration
Demo app walk-through
Macro for demo app
Customized demo app
Macro for customized app
Finalizing the macro
![Page 5: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/5.jpg)
Overview
• Auth example application provided by DenimGroup
– All Responses are “apple”
– Hosting app to local instance of XAMPP
• Initial recording
• Editing the example app for differing Answers: “apple, CEO, White”
![Page 6: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/6.jpg)
https://github.com/denimgroup/authexamples
Demo app - Authexamples
• What - A simple Challenge-Response app in PHP, using a single answer
for all questions.
• Description:
– This is a simple project that is intended to demonstrate a couple of different non-standard
authentication scenarios for folks to train their scanners and scanner operators on.
Currently based on a single scenario in PHP, we'd love to add more scenarios.
Questions/comments/updates? Please contact dan _at_ denimgroup.com
![Page 7: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/7.jpg)
http://www.apachefriends.org/en/xampp-windows.html
Demo app – posting to XAMPP
• What - A simple web server suite for Windows.
• OS used – Windows 7 64-bit
• Installed path: C:\Websites\xampp\
• XAMPP 1.7.7, including:
– Apache 2.2.21
– MySQL 5.5.16
– PHP 5.3.8
– phpMyAdmin 3.4.5
– FileZilla FTP Server 0.9.39
– Tomcat 7.0.21 (with mod_proxy_ajp as connector)
![Page 8: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/8.jpg)
http://www.apachefriends.org/en/xampp-windows.html
Demo app – posting to XAMPP
• Extracted AuthExample to XAMPP htdocs folder:
– C:\Websites\xampp\htdocs\denimgroup-authexamples-5059b6f\
– URL: http://localhost/denimgroup-authexamples-5059b6f/index.php
![Page 9: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/9.jpg)
©2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice
Agenda: Overview & Configuration
Demo app walk-through
Macro for demo app
Customized demo app
Macro for customized app
Finalizing the macro
![Page 10: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/10.jpg)
Login screens
Demo app – normal walk through
![Page 11: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/11.jpg)
C:\Websites\xampp\htdocs\denimgroup-authexamples-5059b6f\loginplusquestion\login.php
Demo app – default Answers
• Answers are all set to “apple” inside login.php
// Set up some page data
$second_stage_questions[0] = array( '1234', 'What is your favorite fruit',
'apple' );
$second_stage_questions[1] = array( '817', 'What is your favorite Jobs
job', 'apple' );
$second_stage_questions[2] = array( '423', 'What is your favorite Beatles
record label', 'apple' );
![Page 12: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/12.jpg)
Challenge screens – all “apple”
Demo app – normal walk through
![Page 13: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/13.jpg)
Login, browse, logout
Demo app – normal walk through
![Page 14: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/14.jpg)
©2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice
Agenda: Overview & Configuration
Demo app walk-through
Macro for demo app
Customized demo app
Macro for customized app
Finalizing the macro
![Page 15: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/15.jpg)
Web Macro Recorder for WebInspect 9.20
TruClient WMR
15 Enterprise Security – HP Confidential
• HP TruClient is the latest iteration of HP WebInspect’s Web Macro
Recorder tool (WMR).
• TruClient is an Event-based UI recorder.
• The two prior WMR tools are still present in WebInspect:
• Event-based WMR
• Session-based (Traffic-based) WMR.
![Page 16: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/16.jpg)
Raw recorded steps
WMR – simple recording
16 Enterprise Security – HP Confidential
![Page 17: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/17.jpg)
Playback successful
Notice that Step #8 is the Challenge-Response (Q&A) session.
WMR – simple recording
17 Enterprise Security – HP Confidential
![Page 18: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/18.jpg)
Once Playback is successful, browse to get logged out
WMR - simple recording
18 Enterprise Security – HP Confidential
1
2
3
![Page 19: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/19.jpg)
Once logged out, click Select button – highlight identifying element
WMR – simple recording
19 Enterprise Security – HP Confidential
1 2
3a
3b
![Page 20: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/20.jpg)
Review the Logout Condition
WMR – simple recording
20 Enterprise Security – HP Confidential
![Page 21: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/21.jpg)
Works out-of-the-box
WMR – simple recording is Done
21 Enterprise Security – HP Confidential
![Page 22: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/22.jpg)
©2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice
Agenda: Overview & Configuration
Demo app walk-through
Macro for demo app
Customized demo app
Macro for customized app
Finalizing the macro
![Page 23: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/23.jpg)
C:\Websites\xampp\htdocs\denimgroup-authexamples-5059b6f\loginplusquestion\login.php
Demo app – custom Answers
• Edited the answers to “apple”, “CEO”, and “White” inside login.php.
// Set up some page data
$second_stage_questions[0] = array( '1234', 'What is your favorite fruit',
'apple' );
$second_stage_questions[1] = array( '817', 'What is your favorite Jobs
job', ‘CEO' );
$second_stage_questions[2] = array( '423', 'What is your favorite Beatles
record label', ‘White' );
![Page 24: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/24.jpg)
Challenge screens – now different
Demo app – custom Answers
![Page 25: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/25.jpg)
©2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice
Agenda: Overview & Configuration
Demo app walk-through
Macro for demo app
Customized demo app
Macro for customized app
Finalizing the macro
![Page 26: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/26.jpg)
Initial recording. Press Stop, ignore the follow-up Play button, we will need some Q&A code added
WMR – custom Answers
26 Enterprise Security – HP Confidential
![Page 27: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/27.jpg)
Final Goal
WMR – custom Answers
27 Enterprise Security – HP Confidential
• To manage dynamic Challenge-Response, the TruClient user will need to
insert three new steps into the recorded steps.
1. Evaluate JavaScript code – Dynamic Security Questions
2. Evaluate JavaScript – setSecurityQuestion
3. Evaluate JavaScript - getDynamicAnswer
• For Q&A involving more than one field, each field will need its own pair
of setSecurityQuestion and getDynamicAnswer steps, but may be able to
all share a single step for the Dynamic Security Questions.
![Page 28: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/28.jpg)
Sneak peek - Final Goal
WMR – custom Answers
28 Enterprise Security – HP Confidential
![Page 29: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/29.jpg)
Insert new Step #7 – “Evaluate JavaScript” from Toolbox sidebar
WMR - custom Answers
29 Enterprise Security – HP Confidential
![Page 30: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/30.jpg)
Open the JavaScript Editor window
Code – Dynamic Security Question
30 Enterprise Security – HP Confidential
• Expand the new Javascript step > click on “[Code]” > expand
“Arguments” > “JS” button
![Page 31: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/31.jpg)
Sample code
Code – Dynamic Security Question
31 Enterprise Security – HP Confidential
• Build your raw JS, or steal this basic script framework shown below.
– Edit the questionAnswer lines to match your situation.
– Note that variable names created here must be kept the same elsewhere as we continue.
//dynamic security questions
var questionAnswer = [];
questionAnswer["What is your favorite fruit"] = "apple";
questionAnswer["What is your favorite Jobs job"] = "CEO";
questionAnswer["What is your favorite Beatles record label"] = "White";
var currentQ;
function setSecurityQuestion(q)
{
currentQ = q.replace(/^\s\s*/, '').replace(/\s\s*$/, '');
}
function getDynamicAnswer()
{
return questionAnswer[currentQ];
}
![Page 32: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/32.jpg)
Sample code
Code – Dynamic Security Question
32 Enterprise Security – HP Confidential
![Page 33: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/33.jpg)
Sample code
Code – Dynamic Security Question
33 Enterprise Security – HP Confidential
• User simply pastes in this code sample, then edits the “questionAnswer”
lines to match their situation.
• Update the question inside quotes
• Update the answer at the end, also in quotes
• Note that variable names used in this script will be used elsewhere, so
the user must keep them the same.
![Page 34: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/34.jpg)
Sample code
Code – Dynamic Security Question
34 Enterprise Security – HP Confidential
• Here is what Step #7 has become.
![Page 35: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/35.jpg)
Insert new Step #8 – “Evaluate JS on Object” from Toolbox sidebar
Code – setSecurityQuestion
35 Enterprise Security – HP Confidential
![Page 36: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/36.jpg)
Choose the Question object
Code – setSecurityQuestion
36 Enterprise Security – HP Confidential
• Play this step alone, then high-light the JavaScript Object in the browser.
– Right-click step, or high-light and press F7
– “!” icon simply indicates an error on Playback, offering details with mouseover.
![Page 37: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/37.jpg)
Choose the Question object
Code – setSecurityQuestion
37 Enterprise Security – HP Confidential
• For this example app, we cannot just select the Question text because
the text is not contained within an element of its own (see green block
below). Because of this we need to do some additional regular
expression parsing. On most sites this step would not be necessary.
![Page 38: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/38.jpg)
Identify the Question object
Code – setSecurityQuestion
38 Enterprise Security – HP Confidential
• Sample of the raw text offered:
– Hint: apple is a pretty good choice for all the questions
– Question: What is your favorite fruit
• Used included Regular Expression Editor tool to work up regex:
– Question:\s(.*)
• Open the JavaScript Editor for this new step
![Page 39: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/39.jpg)
Identify the Question object
Code – setSecurityQuestion
39 Enterprise Security – HP Confidential
• Useful test code to verify proper regex working in JS:
– basic >> window.alert(object.textContent)
– This test app >> window.alert(object.textContent.match(/Question:\s(.*)/)[1])
• Play this Step to check pop-up – does it match your desired Question
text? yes
![Page 40: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/40.jpg)
Identify the Question object
Code – setSecurityQuestion
40 Enterprise Security – HP Confidential
• With the Alert pop-up verification, we are secure our regex works.
• Here is our regex inserted into our standard setSecurityQuestion code:
– setSecurityQuestion(object.textContent.match(/Question:\s(.*)/)[1])
• Paste this into the JS Editor window
– Recall that this variable name “setSecurityQuestion” must match what we created for the
Q&A code back in Step #7.
![Page 41: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/41.jpg)
Quick edit for the setSecurityQuestion step
Code – element location
41 Enterprise Security – HP Confidential
• TruClient by default will locate a text object by doing an exact match on
the text. For security questions, we want to locate the text object by
position instead. To do this we must change the ID Method from
"Automatic" to "XPath".
![Page 42: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/42.jpg)
Quick edit for the setSecurityQuestion step
Code – element location
42 Enterprise Security – HP Confidential
• Expand the drop down menu for "XPath:" and choose the second XPath
expression “/html/body/width” to find the question by its position.
– Verify this new entry in the browser by using the Highlight button
![Page 43: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/43.jpg)
Connect the Question back to the Javascript Q&A code
Code – getDynamicAnswer
43 Enterprise Security – HP Confidential
• We have now added to the macro our Q&A code and code to identify
the Question.
• Now to edit Step #9 so the Answer matches the Question…
![Page 44: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/44.jpg)
Connect the Answer back to the Javascript Q&A code in Step #7
Code – getDynamicAnswer
44 Enterprise Security – HP Confidential
• Open the JS Editor windows for Step #9’s Argument and enter in our
standard code:
– getDynamicAnswer()
![Page 45: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/45.jpg)
©2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice
Agenda: Overview & Configuration
Demo app walk-through
Macro for demo app
Customized demo app
Macro for customized app
Finalizing the macro
![Page 46: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/46.jpg)
Play the finished macro from the beginning
WMR final steps
46 Enterprise Security – HP Confidential
![Page 47: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/47.jpg)
Playback successful, select Logout Condition for WebInspect
WMR final steps
47 Enterprise Security – HP Confidential
![Page 48: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/48.jpg)
Wait, what are these again?
Logout Conditions
• A logout condition is an indicator for WebInspect to know when it has
gotten logged out while scanning
• Every Login Macro must have one or more logout conditions • Whether or not it involved Challenge-Response questions
• Three Types of logout conditions • Regular Expression - Supported for all three Web Macro Recorders
• Object - TruClient, UI event-based WMR only
• URL - TruClient, UI event-based WMR only
![Page 49: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/49.jpg)
Browse to Logout, then click Select button – highlight element
WMR final steps
49 Enterprise Security – HP Confidential
1 2
3a
3b
![Page 50: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/50.jpg)
Review the Logout Condition – add more as needed
WMR final steps
50 Enterprise Security – HP Confidential
![Page 51: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/51.jpg)
Final Macro
WMR – custom Answers
51 Enterprise Security – HP Confidential
![Page 52: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/52.jpg)
Final Macro - closer
WMR – custom Answers
52 Enterprise Security – HP Confidential
![Page 53: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/53.jpg)
Final Macro – with Comments added from the Toolbox sidebar
WMR – custom Answers
53 Enterprise Security – HP Confidential
![Page 54: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/54.jpg)
Denouement
54 Enterprise Security – HP Confidential
• Apologies for the length of this study. This technology is sufficiently new
that I wanted our customers to fully understand the steps.
– Future studies should be able to skip well-known steps.
• My thanks go to:
• Steve Hardeman for his JS coaching and internal training
• Jeremy Brooks for guidance in setting up this study and the optimal macro
• The HP Fortify Dev team for their tremendous work on this new WMR tool
![Page 55: WebInspect 9.20 Web Macro Recording with TruClient 2012](https://reader034.vdocuments.mx/reader034/viewer/2022042502/54449844afaf9fa4098b49f9/html5/thumbnails/55.jpg)
Outcomes That Matter
55 Enterprise Security – HP Confidential