This presentation goes through the steps to configure HP WebInspect 9.20 to make it handle challenge/response authentication schemes.
[Please note that this is HP-copyrighted content and we're just hosting it here for convenience. If we need to pull it down just email me: dan _at_ denimgroup dot com.
The original HP Security Laboratory blog post presenting the content is here:
And the original PDF can be downloaded from HP here: