You should avail yourself of the free training materials and resources already offered by HP's Application Security Center. (Full disclosure: I work there as part of HP ASC Fortify.)
User Forums and Researcher Blogs: http://h30501.www3.hp.com/t5/HP-Applica ... /ct-p/sc01
- Requires a free HP Passport account to post messages.
ASC Support Portal: http://support.openview.hp.com/
- Also uses HP Passport account.
- This portal gives you 24/7 access to the WebInspect KB, as well as the ability to submit/manage support cases. Great for pre-populating your case with all details and data rather than trying to get first-level support to type it in for you over the phone! Wait 20 minutes and call in with your assigned Case# to get routed directly to the person who picked up that case.
- The Support Portal requires that you link your HP Passport account with your "Entitlement" or "Contract", known as the SAID number. Since you have WebInspect in front of you, the SAID number is displayed under the "About WebInspect" menu item.
Semi-monthly technical demo on using WebInspect (free registration): http://techdemos.com/
- Every other Friday at 1 PM EDT.
Your HP Sales representative:
- Chances are your company's/area's HP Sales rep is keen to try to sell you or your boss new stuff, but knows very little about the security product line. Lean on them to put you in touch with someone who can actually really help you, and then fend off their free lunches as long as possible. ;-)
Regarding scans taking two weeks, that sounds crazy. You seriously need to review the actual scan results and the available scan settings, with an expert if possible. Anytime I hear of a scan taking more than overnight I just *know* there is some setting to change that can make it more efficient. The guy before you probably ran the product with the default settings, which is only a good baseline for what might be found in the real world. Your site may require increased script parsing, redundant page detection, custom state-keeping or navigational parameters, or other "shaping" controls and limitations for the crawler.