Strengths: Powerful scanning engine, robust set of features that continue to evolve

Weaknesses: High price for not having true enterprise capabilities out of the box

Verdict: A top product with an extensive set of features and configuration options

Developed by SPI Dynamics, which is now part of HP Software, WebInspect 7.7 is a stand-alone web-application testing product. Although it is not an enterprise solution in itself, it can easily be integrated into HP's AMP architecture for centralised administration and reporting capabilities.

Installation and activation of the product is easy, and administrators can be up and running within minutes. The solution runs on Windows XP SP2 or Windows 2003 and uses MS SQL Express SP1 or 2005 as the database backend. The administrative dashboard is simple to navigate, and the basic tasks of configuring and scheduling scans in an enterprise environment can be accomplished with a few short mouse clicks.

Although WebInspect is easily managed and the dashboard presents an easy-to-understand view of your scan, the real power lies within the dynamic and robust scanning engine. WebInspect boasts full support for Web 2.0 architectures and includes scanning for AJAX, SOAP and Flash.

Many other products also test similar architectures, but the vulnerabilities WebInspect can uncover were evident in our testing and the product performs exceptionally. We found the profiling optimisation a nice feature that allows a user to take advantage of recommended settings before scans are executed. The product comes with several useful tools, as well as a compliance and policy management editor for enhanced customisation. Macro and replay-based scanning options are also helpful.

Documentation contains an adequate blend of text and screenshots. Reports are solid and cover many useful categories. However, both the HP and SPI Dynamics support site contain statements that unifying support is still in progress. Most support and product information is contained within the old SPI Dynamics site.

Pricing for HP WebInspect 7.7 starts at £16,502 for UK customers. Standard support is included with the product, with 24/7 support available at an additional cost. We would consider the price of the product to be high given that many of its peers provide similar feature sets for lower cost.

