How to help prevent WebInspect from creating an e-mail storm during a scan

Last post 02-20-2008, 6:31 PM by chardmon. 0 replies.

    TITLE:
    How to help prevent WebInspect from creating an e-mail storm during a scan


    ISSUE:
    WebInspect™ can create an e-mail storm when scanning because when it encounters a page with an e-mail submittal form it will fill out the form and submit an e-mail. There are several solutions for this issue, as listed below. When scanning a site, part of the methodology should include locating forms that send e-mail, commonly with names like feedback.asp or contact.html. SPI Dynamics recommends performing a Crawl-Only first on a new site and then reviewing the results of the crawl and assessing all form pages prior to running Audits.


    SOLUTIONS:
    1. Review the online Help or the User Guide section titled "Preparing Your System for Audit." This section includes a suggestion to disable the mail server for the scan's duration. While not always feasible, it will prevent an outage. Alternatives may include editing the web server's Hosts file or e-mail configuration so that the messages WebInspect causes to be sent are automatically deleted. (See #4 below.)

    2. Configure an Excluded URL to have WebInspect skip the e-mail submittal page. This means that any unique links on that page will also be missed by the scan.

    3. If the application creates e-mails via a form submittal, disable the automatic submission of forms. In WebInspect 7.x, go to Edit > Default Scan Settings... > Method, and ensure "Auto-fill web forms during crawl" is left unchecked. In WebInspect Classic (5.x and 6.x) go to Tools > Default Settings... > General tab > WebForms and uncheck the "Auto Submit WebForms" box.
    Note: This will likely reduce scan coverage, which may be undesirable.

    4. Modify the e-mail sending and/or server settings:
    Edit the e-mail address(es) submitted by WebInspect. The default settings are as follows:


    (WebInspect 7.x)
    sender=jfrost@webappsecurity.com
    email=John.Doe@somewhere.com
    SPIDefault=777-777-1911form@value777.com

    (WebInspect 5.5 later builds, 5.8, 6.x)
    sender=jfrost@webappsecurity.com
    email=jfrost@webappsecurity.com
    SPIDefault=777-777-1911form@value777.com

    (WebInspect 4.0, 5.0, 5.5 early builds)
    sender=jgreen@formfill.edu
    email=jgreen@formfill.edu
    SPIDefault=333-333-3333test@test999.com

    5. Should none of the above items work in your environment, you may simply use the WebInspect Web Form Editor and remove the rows for any e-mail entries.

    These precautions may not stop an e-mail storm if your application automatically sends an e-mail based upon an action on a page, such as a failed authentication attempt triggering an e-mail to your Security Operations Center.
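    The following is an added example, not part of the original post or of WebInspect itself, showing one way to implement the "automatically deleted" alternative from solution #1 using the default form-fill values listed under solution #4: a filter that recognises scanner-generated form e-mail by those values, plus a generator for equivalent Postfix header_checks rules. It assumes the form handler copies the submitted e-mail value into the From/Reply-To/To headers or the body; the sample message and the example.invalid addresses are constructed.

```python
import re
from email import message_from_string, policy

# The default identities WebInspect fills into forms, copied from the lists
# in solution #4 above (all versions). Mail carrying any of them came from a scan.
SCANNER_DEFAULTS = (
    "jfrost@webappsecurity.com",
    "john.doe@somewhere.com",
    "777-777-1911form@value777.com",
    "jgreen@formfill.edu",
    "333-333-3333test@test999.com",
)
# Headers a form handler usually populates from the submitted "email" field.
# Assumption: extend this tuple if your application writes the value elsewhere.
ADDRESS_HEADERS = ("From", "Reply-To", "To", "Cc")

def scanner_indicators(raw_message: str) -> list:
    """Return the WebInspect default values found in the headers or body of a raw message."""
    msg = message_from_string(raw_message, policy=policy.default)
    haystack = [str(msg.get(h, "") or "") for h in ADDRESS_HEADERS]
    body = msg.get_body(preferencelist=("plain",))
    haystack.append(body.get_content() if body is not None else "")
    blob = "\n".join(haystack).lower()
    # Case-insensitive substring match; tokens are kept as the exact strings the scanner submits.
    return [token for token in SCANNER_DEFAULTS if token in blob]

def postfix_header_checks() -> str:
    """Build Postfix header_checks (pcre table) rules that DISCARD scanner mail at the MTA."""
    rules = []
    for token in SCANNER_DEFAULTS:
        pattern = re.escape(token)
        rules.append(f"/^(From|Reply-To|To|Cc):.*{pattern}/i DISCARD webinspect-form-fill")
    return "\n".join(rules)

# Constructed sample: a feedback e-mail as a typical contact.html handler would send it
# after WebInspect auto-filled the form with its 7.x defaults.
SAMPLE_SCAN_MESSAGE = """\
From: webform@example.invalid
To: security@example.invalid
Reply-To: jfrost@webappsecurity.com
Subject: Website feedback
Content-Type: text/plain; charset=utf-8

Name: John Doe
E-mail: John.Doe@somewhere.com
Phone: 777-777-1911form@value777.com
"""
```

A non-empty result from `scanner_indicators` means the message can be dropped before it reaches staff; the `postfix_header_checks` output does the same at the mail server if your MTA is Postfix.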


    APPLIES TO:
    WebInspect 4.x, 5.x, 6.x, 7.x
    Assessment Management Platform (AMP®)