
API Notifications

7 Posts authored by: fmc

A new release of Qualys WAS, Version 4.6 which includes API updates, is targeted for release in April. The specific day will differ depending on the platform.  Platform release dates will be published on the Qualys Status page when available.

 

The updated APIs for WAS 4.6 give you more ways to integrate your programs and API calls with Web Application Scanning (WAS).

 

This API notification provides an early preview into the coming API changes, allowing you to proactively identify any changes that might be required for your automated scripts or programs that utilize the API methods. This release includes features with changes to XML, CSV output, and/or DTD which could impact existing API implementations.  Notification about other new API features along with additional details and examples will be posted prior to the release.

 

What’s New

 

Web Application API - Scheduling Malware Monitoring Scan

 

Web Application API - Scheduling Malware Monitoring Scan

 

The WAS API now supports scheduling malware monitoring scans, with options such as Single, Daily, Hourly, Weekly, and Monthly.

 

Affected APIs:

/qps/rest/3.0/get/was/webapp

/qps/rest/3.0/create/was/webapp

/qps/rest/3.0/update/was/webapp

 

Updated XSD:

webapp.xsd

 

Looking for our API user guides? Just log in to your account and go to Help > Resources.

 

Please see the attached PDF for all API details and changes including examples and API base URLs.

A new release of Qualys WAS, Version 4.5 which includes API updates and updated report formats, is targeted for release in January. The specific day will differ depending on the platform.  Platform release dates will be published on the Qualys Status page when available.  The updated APIs for WAS 4.5 give you more ways to integrate your programs and API calls with Web Application Scanning (WAS).

 

The Qualys WAS API 4.5 gives you more ways to integrate your programs and API calls with Web Application Scanning (WAS). Looking for our API user guides? Just log in to your account and go to Help > Resources.

 

What’s New

  • Scan API - default authentication for scans
  • Search Scan API - new CANCELED keyword
  • Finding API - payloads element removed from XSD
  • JSON Support
  • Condensed CSV output for Web App and Scan Reports

 

Please see the attached PDF for all API details and changes including examples and API base URLs.

A new release of Qualys WAS, Version 4.5 which includes API updates and updated report formats, is targeted for release in January. The specific day will differ depending on the platform.  See platform release dates for more information.  The updated APIs for WAS 4.5 give you more ways to integrate your programs and API calls with Web Application Scanning (WAS).

 

What’s New

  1. Search Scan API - new CANCELED keyword
  2. Condensed CSV output for Web App and Scan Reports

 

Search Scan API - new CANCELED keyword

The Search Scan API allows you to search for scans that have been canceled. We changed the keyword for the “status” Criteria to CANCELED to make it consistent with the WAS application. (In previous releases it was CANCELLED.)

 

Affected API: /qps/rest/3.0/search/was/scan/

Updated XSD: scan.xsd, wasscan.xsd

 

Condensed CSV output for Web App and Scan Reports

Now you’ll get more condensed versions of your Web Application Reports and Scan Reports in CSV format. The reports display each vulnerability and sensitive content using a single line.

 

 

Looking for our API user guides? Just log in to your account and go to Help > Resources.

 

Please see the attached PDF for all API details and changes including examples and API base URLs.

WAS API 4.4 includes improvements, giving you more ways to integrate your programs and API calls with Web Application Scanning (WAS). Looking for our API user guides? Just log in to your account and go to Help > Resources.

 

What’s New

  • Option Profile API - Support for server error thresholds before stopping a scan
  • Scan API - Scan information now includes user who canceled a scan

 

Tell me about the base URL 

Our documentation and sample code use the API server URL for US Platform 1. Do you have another base URL? If yes, please use it instead.


 

Option Profile API - Support for server error thresholds before stopping a scan


Web applications can return different kinds of server-side errors or error indicators during a WAS scan. Some of these are a sign that the server may be getting overloaded (or unresponsive) because of the scan behavior or some other condition.


With this release we’ve added new controls in the option profile to stop a scan on such errors, each with a customizable threshold: Timeout Error Threshold (default is 20) and Unexpected Error Threshold (default is 48). You can customize the threshold values, or disable them by setting them to 0.


Updated XSD: optionprofile.xsd


Option Profile CREATE API


1) Create Option Profile - with no error threshold specified (default values applied)


API Request:


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/create/was/optionprofile/" < file.xml

 

Note: “file.xml” contains the request POST data.


Request POST Data:


<ServiceRequest>

   <data>

      <OptionProfile> 

         <name><![CDATA[My OP - with no error threshold specified]]></name>  

      </OptionProfile>     

   </data>

</ServiceRequest>

 

XML response:


<?xml version="1.0" encoding="UTF-8"?>

<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">

    <responseCode>SUCCESS</responseCode>

    <count>1</count>

    <data>

        <OptionProfile>

            <id>451935</id>

            <name>

                <![CDATA[My OP - with no error threshold specified]]>

            </name>

            <owner>

                <id>4354</id>

                <username>acme_ak1</username>

                <firstName>

                    <![CDATA[Amy]]>

                </firstName>

                <lastName>

                    <![CDATA[Kim]]>

                </lastName>

            </owner>

            <isDefault>false</isDefault>

            <tags>

                <count>0</count>

            </tags>

            <formSubmission>BOTH</formSubmission>

            <maxCrawlRequests>300</maxCrawlRequests>

            <timeoutErrorThreshold>20</timeoutErrorThreshold>

            <unexpectedErrorThreshold>48</unexpectedErrorThreshold>

            <parameterSet>

                <id>0</id>

                <name>

                    <![CDATA[Initial Parameters]]>

                </name>

            </parameterSet>

            <ignoreBinaryFiles>false</ignoreBinaryFiles>

            <performance>LOW</performance>

            <bruteforceOption>MINIMAL</bruteforceOption>

            <comments>

                <count>0</count>

            </comments>

            <sensitiveContent>

                <creditCardNumber>false</creditCardNumber>

                <socialSecurityNumber>false</socialSecurityNumber>

            </sensitiveContent>

            <createdDate>2015-11-05T00:49:11Z</createdDate>

            <createdBy>

                <id>4354</id>

                <username>acme_ak1</username>

                <firstName>

                    <![CDATA[Amy]]>

                </firstName>

                <lastName>

                    <![CDATA[Kim]]>

                </lastName>

            </createdBy>

            <updatedDate>2015-11-05T00:49:11Z</updatedDate>

            <updatedBy>

                <id>4354</id>

                <username>acme_ak1</username>

                <firstName>

                    <![CDATA[Amy]]>

                </firstName>

                <lastName>

                    <![CDATA[Kim]]>

                </lastName>

            </updatedBy>

        </OptionProfile>

    </data>

</ServiceResponse>

 

2) Create Option Profile - with custom error threshold values


API Request:


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/create/was/optionprofile/" < file.xml

 

Note: “file.xml” contains the request POST data.


Request POST Data:


<ServiceRequest>

   <data>

      <OptionProfile> 

         <name><![CDATA[My OP - with custom error threshold]]></name>  

         <timeoutErrorThreshold>22</timeoutErrorThreshold>

         <unexpectedErrorThreshold>50</unexpectedErrorThreshold>

      </OptionProfile>     

   </data>

</ServiceRequest>

 

XML response:


<?xml version="1.0" encoding="UTF-8"?>

<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">

    <responseCode>SUCCESS</responseCode>

    <count>1</count>

    <data>

        <OptionProfile>

            <id>454733</id>

            <name>

                <![CDATA[My OP - with custom error threshold]]>

            </name>

            <owner>

                <id>4354</id>

                <username>acme_ak1</username>

                <firstName>

                    <![CDATA[Amy]]>

                </firstName>

                <lastName>

                    <![CDATA[Kim]]>

                </lastName>

            </owner>

            <isDefault>false</isDefault>

            <tags>

                <count>0</count>

            </tags>

            <formSubmission>BOTH</formSubmission>

            <maxCrawlRequests>300</maxCrawlRequests>

            <timeoutErrorThreshold>22</timeoutErrorThreshold>

            <unexpectedErrorThreshold>50</unexpectedErrorThreshold>

            <parameterSet>

                <id>0</id>

                <name>

                    <![CDATA[Initial Parameters]]>

                </name>

            </parameterSet>

            <ignoreBinaryFiles>false</ignoreBinaryFiles>

            <performance>LOW</performance>

            <bruteforceOption>MINIMAL</bruteforceOption>

            <comments>

                <count>0</count>

            </comments>

            <sensitiveContent>

                <creditCardNumber>false</creditCardNumber>

                <socialSecurityNumber>false</socialSecurityNumber>

            </sensitiveContent>

            <createdDate>2015-11-12T00:00:23Z</createdDate>

            <createdBy>

...

 

3) Create Option Profile - with custom error threshold values as 0, to disable settings


API Request:


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/create/was/optionprofile/" < file.xml

 

Note: “file.xml” contains the request POST data.


Request POST Data:


<ServiceRequest>

   <data>

      <OptionProfile> 

         <name><![CDATA[My OP - with no threshold specified]]></name>  

         <timeoutErrorThreshold>0</timeoutErrorThreshold>

         <unexpectedErrorThreshold>0</unexpectedErrorThreshold>

      </OptionProfile>

   </data>

</ServiceRequest>

 

XML response:

<?xml version="1.0" encoding="UTF-8"?>

<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">

    <responseCode>SUCCESS</responseCode>

    <count>1</count>

    <data>

        <OptionProfile>

            <id>453133</id>

            <name>

                <![CDATA[My OP - with no threshold specified]]>

            </name>

            <owner>

                <id>4354</id>

                <username>acme_ak1</username>

                <firstName>

                    <![CDATA[Amy]]>

                </firstName>

                <lastName>

                    <![CDATA[Kim]]>

                </lastName>

            </owner>

            <isDefault>false</isDefault>

            <tags>

                <count>0</count>

            </tags>

            <formSubmission>BOTH</formSubmission>

            <maxCrawlRequests>300</maxCrawlRequests>

            <parameterSet>

                <id>0</id>

                <name>

                    <![CDATA[Initial Parameters]]>

                </name>

            </parameterSet>

            <ignoreBinaryFiles>false</ignoreBinaryFiles>

            <performance>LOW</performance>

            <bruteforceOption>MINIMAL</bruteforceOption>

            <comments>

                <count>0</count>

            </comments>

            <sensitiveContent>

                <creditCardNumber>false</creditCardNumber>

                <socialSecurityNumber>false</socialSecurityNumber>

            </sensitiveContent>

            <createdDate>2015-11-07T01:29:24Z</createdDate>

            <createdBy>

...

 

Option Profile UPDATE API


Update Option Profile - with custom threshold values


API Request:


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/update/was/optionprofile/452933" < file.xml

 

Note: “file.xml” contains the request POST data.


Request POST Data:


<ServiceRequest>

   <data>

      <OptionProfile>

         <name><![CDATA[My OP - with custom threshold values]]></name>  

         <timeoutErrorThreshold>200</timeoutErrorThreshold>

         <unexpectedErrorThreshold>20</unexpectedErrorThreshold>

      </OptionProfile>

   </data>

</ServiceRequest>

 

XML response:

<?xml version="1.0" encoding="UTF-8"?>

<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">

    <responseCode>SUCCESS</responseCode>

    <count>1</count>

    <data>

        <OptionProfile>

            <id>452933</id>

        </OptionProfile>

    </data>

</ServiceResponse>

 

Option Profile GET API


GET Option Profile - with custom threshold values


API Request:


curl -u "USERNAME:PASSWORD" \
  "https://qualysapi.qualys.com/qps/rest/3.0/get/was/optionprofile/452933"

 

Note: “file.xml” contains the request POST data.


XML response:


<?xml version="1.0" encoding="UTF-8"?>

<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">

    <responseCode>SUCCESS</responseCode>

    <count>1</count>

    <data>

        <OptionProfile>

            <id>452933</id>

            <name>

                <![CDATA[My OP - with custom threshold values]]>

            </name>

            <owner>

                <id>4354</id>

                <username>acme_ak1</username>

                <firstName>

                    <![CDATA[Amy]]>

                </firstName>

                <lastName>

                    <![CDATA[Kim]]>

                </lastName>

            </owner>

            <isDefault>false</isDefault>

            <tags>

                <count>0</count>

            </tags>

            <formSubmission>BOTH</formSubmission>

            <maxCrawlRequests>300</maxCrawlRequests>

            <timeoutErrorThreshold>200</timeoutErrorThreshold>

            <unexpectedErrorThreshold>20</unexpectedErrorThreshold>

            <parameterSet>

                <id>0</id>

                <name>

                    <![CDATA[Initial Parameters]]>

                </name>

            </parameterSet>

            <ignoreBinaryFiles>false</ignoreBinaryFiles>

            <performance>LOW</performance>

            <bruteforceOption>MINIMAL</bruteforceOption>

            <comments>

                <count>0</count>

            </comments>

            <sensitiveContent>

                <creditCardNumber>false</creditCardNumber>

                <socialSecurityNumber>false</socialSecurityNumber>

            </sensitiveContent>

            <createdDate>2015-11-05T21:54:17Z</createdDate>

            <createdBy>

                <id>4354</id>

                <username>acme_ak1</username>

                <firstName>

                    <![CDATA[Amy]]>

                </firstName>

                <lastName>

                    <![CDATA[Kim]]>

                </lastName>

            </createdBy>

            <updatedDate>2015-11-12T00:04:15Z</updatedDate>

            <updatedBy>

                <id>4354</id>

                <username>acme_ak1</username>

                <firstName>

                    <![CDATA[Amy]]>

                </firstName>

                <lastName>

                    <![CDATA[Kim]]>

                </lastName>

            </updatedBy>

        </OptionProfile>

    </data>

</ServiceResponse>
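A client-side check of the two threshold elements shown in the responses above, as an added example (not Qualys code). The sample XML is constructed by trimming the three profiles from this notification into one response; the function names and the `absent` label are assumptions, with `absent` covering the case seen in the third CREATE example, where a request value of 0 produced a response without the threshold elements.

```python
import xml.etree.ElementTree as ET

# Defaults stated in this notification.
DEFAULTS = {"timeoutErrorThreshold": 20, "unexpectedErrorThreshold": 48}

# Constructed sample: the three profiles from the examples above, trimmed to
# the elements this check reads and combined into a single response.
SAMPLE_RESPONSE = b"""<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse>
  <responseCode>SUCCESS</responseCode>
  <count>3</count>
  <data>
    <OptionProfile>
      <id>451935</id>
      <name>
        <![CDATA[My OP - with no error threshold specified]]>
      </name>
      <timeoutErrorThreshold>20</timeoutErrorThreshold>
      <unexpectedErrorThreshold>48</unexpectedErrorThreshold>
    </OptionProfile>
    <OptionProfile>
      <id>452933</id>
      <name><![CDATA[My OP - with custom threshold values]]></name>
      <timeoutErrorThreshold>200</timeoutErrorThreshold>
      <unexpectedErrorThreshold>20</unexpectedErrorThreshold>
    </OptionProfile>
    <OptionProfile>
      <id>453133</id>
      <name><![CDATA[My OP - with no threshold specified]]></name>
    </OptionProfile>
  </data>
</ServiceResponse>"""


def classify(raw, default):
    """Map one threshold element's text to default / custom:N / disabled / absent."""
    if raw is None:
        return "absent"          # element missing from the response
    value = int(raw.strip())
    if value == 0:
        return "disabled"        # explicit 0 disables the stop condition
    return "default" if value == default else f"custom:{value}"


def audit_option_profiles(xml_bytes):
    """Return {profile id: {"name": ..., "thresholds": {element: state}}}."""
    root = ET.fromstring(xml_bytes)
    code = root.findtext("responseCode")
    if code != "SUCCESS":
        raise ValueError(f"API call failed: responseCode={code!r}")
    report = {}
    for profile in root.iterfind("./data/OptionProfile"):
        # CDATA names arrive padded with whitespace, so strip them.
        name = (profile.findtext("name") or "").strip()
        states = {tag: classify(profile.findtext(tag), default)
                  for tag, default in DEFAULTS.items()}
        report[profile.findtext("id")] = {"name": name, "thresholds": states}
    return report


def needs_review(report):
    """IDs of profiles whose thresholds differ from the documented defaults."""
    return [pid for pid, entry in report.items()
            if any(state != "default" for state in entry["thresholds"].values())]


if __name__ == "__main__":
    result = audit_option_profiles(SAMPLE_RESPONSE)
    for pid in needs_review(result):
        print(pid, result[pid]["name"], result[pid]["thresholds"])
```

Run it against GET or CREATE responses only: the UPDATE response above returns just the profile `<id>`, so every threshold would read as `absent`.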

 

 

Scan API - Scan information now includes user who canceled a scan


Previously we did not provide information on the user who canceled a scan. We’ve updated the XML output for the Scan SEARCH API and Scan GET API.


Updated XSD: scan.xsd, wasscan.xsd


Scan SEARCH API


Search response shows user who canceled a scan


API request:


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/search/wasscan/" < file.xml

 

Note: “file.xml” contains the request POST data.


Request POST Data:


<ServiceRequest>

   <filters>

      <Criteria field="id" operator="IN">1447989</Criteria>   

   </filters>

</ServiceRequest>

 

XML output:

<?xml version="1.0" encoding="UTF-8"?>

<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/scan.xsd">

    <responseCode>SUCCESS</responseCode>

    <count>1</count>

    <hasMoreRecords>false</hasMoreRecords>

    <data>

        <WasScan>

            <id>1447989</id>

            <name>

                <![CDATA[My Vulnerability Scan]]>

            </name>

            <reference>was/1446408743390.1856849</reference>

            <type>VULNERABILITY</type>

            <mode>ONDEMAND</mode>

            <multi>false</multi>

            <target>

                <webApp>

                    <id>2431279</id>

                    <name>

                        <![CDATA[127.0.0.1]]>

                    </name>

                    <url>

                        <![CDATA[http://127.0.0.1/]]>

                    </url>

                </webApp>

                <scannerAppliance>

                    <type>EXTERNAL</type>

                </scannerAppliance>

                <cancelOption>SPECIFIC</cancelOption>

            </target>

            <profile>

                <id>28147</id>

                <name>

                    <![CDATA[My Option Profile]]>

                </name>

            </profile>

            <launchedDate>2015-11-01T20:12:23Z</launchedDate>

            <launchedBy>

                <id>2226741</id>

                <username>acme_ak1</username>

                <firstName>

                    <![CDATA[Amy]]>

                </firstName>

                <lastName>

                    <![CDATA[Kim]]>

                </lastName>

            </launchedBy>

            <status>CANCELLED</status>

            <cancelMode>USER</cancelMode>

            <canceledBy>

                <id>9872437571</id>

                <username>acme_bb5</username>

            </canceledBy>

        </WasScan>

    </data>

</ServiceResponse>

 

Scan GET API


Get scan details shows user who canceled a scan


API request:


curl -u "USERNAME:PASSWORD" \
  "https://qualysapi.qualys.com/qps/rest/3.0/get/was/wasscan/1447989"

 

XML output:


<?xml version="1.0" encoding="UTF-8"?>

<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">

    <responseCode>SUCCESS</responseCode>

    <count>1</count>

    <data>

        <WasScan>

            <id>1447989</id>

            <name>

                <![CDATA[My Vulnerability Scan]]>

            </name>

            <reference>was/1446408743390.1856849</reference>

            <type>VULNERABILITY</type>

            <mode>ONDEMAND</mode>

            <progressiveScanning>false</progressiveScanning>

            <multi>false</multi>

            <target>

                <webApp>

                    <id>2431279</id>

                    <name>

                        <![CDATA[127.0.0.1]]>

                    </name>

                    <url>

                        <![CDATA[http://127.0.0.1/]]>

                    </url>

                </webApp>

                <scannerAppliance>

                    <type>EXTERNAL</type>

                </scannerAppliance>

                <cancelOption>SPECIFIC</cancelOption>

            </target>

            <profile>

                <id>28147</id>

                <name>

                    <![CDATA[My Option Profile]]>

                </name>

            </profile>

            <options>

                <count>15</count>

                <list>

                    <WasScanOption>

                        <name>My Authentication Record</name>

                        <value>

                            <![CDATA[None]]>

                        </value>

                    </WasScanOption>

                    <WasScanOption>

                        <name>Unexpected Error Threshold</name>

                        <value>

                            <![CDATA[48]]>

                        </value>

                    </WasScanOption>

                    <WasScanOption>

                        <name>Sensitive Content: Credit Card Numbers</name>

                        <value>

                            <![CDATA[false]]>

                        </value>

                    </WasScanOption>

                    <WasScanOption>

                        <name>Performance Settings</name>

                        <value>

                            <![CDATA[MEDIUM]]>

                        </value>

                    </WasScanOption>

                    <WasScanOption>

                        <name>Scanner Appliance</name>

                        <value>

                            <![CDATA[External]]>

                        </value>

                    </WasScanOption>

                    <WasScanOption>

                        <name>Detection Scope</name>

                        <value>

                            <![CDATA[COMPLETE]]>

                        </value>

                    </WasScanOption>

                    <WasScanOption>

                        <name>Crawling Form Submissions</name>

                        <value>

                            <![CDATA[NONE]]>

                        </value>

                    </WasScanOption>

                    <WasScanOption>

                        <name>Bruteforce Settings</name>

                        <value>

                            <![CDATA[MINIMAL]]>

                        </value>

                    </WasScanOption>

                    <WasScanOption>

                        <name>Option Profile Name</name>

                        <value>

                            <![CDATA[My Option Profile]]>

                        </value>

                    </WasScanOption>

                    <WasScanOption>

                        <name>Maximum Crawling Links</name>

                        <value>

                            <![CDATA[300]]>

                        </value>

                    </WasScanOption>

                    <WasScanOption>

                        <name>Timeout Error Threshold</name>

                        <value>

                            <![CDATA[20]]>

                        </value>

                    </WasScanOption>

                    <WasScanOption>

                        <name>Web Application Name</name>

                        <value>

                            <![CDATA[127.0.0.1]]>

                        </value>

                    </WasScanOption>

                    <WasScanOption>

                        <name>Request Parameter Set</name>

                        <value>

                            <![CDATA[Initial Parameters]]>

                        </value>

                    </WasScanOption>

                    <WasScanOption>

                        <name>Sensitive Content: Social Security Numbers (US)</name>

                        <value>

                            <![CDATA[false]]>

                        </value>

                    </WasScanOption>

                    <WasScanOption>

                        <name>Target URL</name>

                        <value>

                            <![CDATA[http://127.0.0.1/]]>

                        </value>

                    </WasScanOption>

                </list>

            </options>

            <launchedDate>2015-11-01T20:12:23Z</launchedDate>

            <launchedBy>

                <id>2226741</id>

                <username>acme_ak1</username>

                <firstName>

                    <![CDATA[Amy]]>

                </firstName>

                <lastName>

                    <![CDATA[Kim]]>

                </lastName>

            </launchedBy>

            <status>CANCELLED</status>

            <cancelMode>USER</cancelMode>

            <canceledBy>

                <id>9872437571</id>

                <username>acme_bb5</username>

            </canceledBy>

            <sendMail>true</sendMail>

        </WasScan>

    </data>

</ServiceResponse>
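An added example (not Qualys code) of reading the new `cancelMode` and `canceledBy` elements from a Scan SEARCH response. It accepts both the CANCELLED spelling shown in the 4.4 output above and the CANCELED spelling announced for 4.5. The sample response is constructed: scan 1447989 follows the output above, the other three scans are made up, and the function and field names in the result are assumptions.

```python
import xml.etree.ElementTree as ET

# CANCELLED appears in the WAS 4.4 samples; the 4.5 notice renames it CANCELED.
CANCELED_SPELLINGS = {"CANCELED", "CANCELLED"}

# Constructed sample, trimmed to the elements read below.
SAMPLE_SEARCH_RESPONSE = b"""<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse>
  <responseCode>SUCCESS</responseCode>
  <count>4</count>
  <hasMoreRecords>false</hasMoreRecords>
  <data>
    <WasScan>
      <id>1447989</id>
      <name>
        <![CDATA[My Vulnerability Scan]]>
      </name>
      <launchedBy><username>acme_ak1</username></launchedBy>
      <status>CANCELLED</status>
      <cancelMode>USER</cancelMode>
      <canceledBy><id>9872437571</id><username>acme_bb5</username></canceledBy>
    </WasScan>
    <WasScan>
      <id>1447990</id>
      <name><![CDATA[Constructed scan A]]></name>
      <launchedBy><username>acme_ak1</username></launchedBy>
      <status>CANCELED</status>
      <cancelMode>USER</cancelMode>
      <canceledBy><id>4354</id><username>acme_ak1</username></canceledBy>
    </WasScan>
    <WasScan>
      <id>1447991</id>
      <name><![CDATA[Constructed scan B]]></name>
      <launchedBy><username>acme_ak1</username></launchedBy>
      <status>FINISHED</status>
    </WasScan>
    <WasScan>
      <id>1447992</id>
      <name><![CDATA[Constructed scan C]]></name>
      <launchedBy><username>acme_ak1</username></launchedBy>
      <status>CANCELED</status>
    </WasScan>
  </data>
</ServiceResponse>"""


def _text(node, path):
    """Stripped text of the first match, or None when the element is missing."""
    value = node.findtext(path)
    return value.strip() if value is not None else None


def canceled_scans(xml_bytes):
    """List canceled scans with who launched and who canceled each one."""
    root = ET.fromstring(xml_bytes)
    code = _text(root, "responseCode")
    if code != "SUCCESS":
        raise ValueError(f"API call failed: responseCode={code!r}")
    records = []
    for scan in root.iterfind("./data/WasScan"):
        status = (_text(scan, "status") or "").upper()
        if status not in CANCELED_SPELLINGS:
            continue
        launched_by = _text(scan, "launchedBy/username")
        canceled_by = _text(scan, "canceledBy/username")  # None if not reported
        records.append({
            "id": _text(scan, "id"),
            "name": _text(scan, "name"),
            "status": "CANCELED",            # normalized to the 4.5 spelling
            "cancelMode": _text(scan, "cancelMode"),
            "launchedBy": launched_by,
            "canceledBy": canceled_by,
            # Worth a second look in an audit: someone else stopped the scan.
            "canceledByOtherUser": canceled_by is not None
                                   and canceled_by != launched_by,
        })
    return {"scans": records,
            "hasMoreRecords": _text(root, "hasMoreRecords") == "true"}


if __name__ == "__main__":
    for rec in canceled_scans(SAMPLE_SEARCH_RESPONSE)["scans"]:
        print(rec["id"], rec["launchedBy"], "->", rec["canceledBy"],
              "other user" if rec["canceledByOtherUser"] else "")
```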

A new release of Qualys WAS, Version 4.3 which includes API updates, is targeted for release in October. The specific day will differ depending on the platform.  See platform release dates for more information.  The updated APIs for WAS 4.3 enhance the ability to fully automate and integrate the Qualys WAS solution with other customer applications.  WAS APIs enable customers to perform all the major functions within WAS including creating web applications to scan, launching and scheduling scans, and running and retrieving reports.  The APIs enable custom integrations with GRC tools, bug tracking systems and web application firewalls (WAFs) just to name a few.

 

This API notification provides an early preview into the coming API changes in Qualys WAS 4.3, allowing you to proactively identify any changes that might be required for your automated scripts or programs that utilize the API methods.

 

Please refer to the attached document (WAS 4.3 API Release Notification.pdf) for full details and examples with full XML output.

 

API Enhancements

 

  • Option Profile API - Update Owner
  • DNS Override Settings
  • Disable Scan Complete Notification
  • Custom Attributes for Web Apps

 

Option Profile API - Update Owner

 

The Option Profile API has been updated to allow users to update the option profile owner. A new owner / id element has been added.

 

API Request:

 

curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/update/was/optionprofile/123456" < file.xml

 

Note: “file.xml” contains the request POST data.

 

Request POST Data:

 

<ServiceRequest>

   <data>

      <OptionProfile>

         <owner><id>123456</id></owner>

      </OptionProfile>

   </data>

</ServiceRequest>

 

DNS Override Settings

 

For this release users can define DNS override settings and apply them to scans. We’ve made updates to multiple WAS APIs to support this capability. DNS override settings are defined using the WAS user interface. The mappings you define will override the DNS associated with the target web application URL.

 

WebApp API

 

Updated XSD: webapp.xsd

 

New section for WebApp CREATE and UPDATE

 

Assign DNS override settings, one or more records, to a web application when making requests to create and update web applications. Records are specified in the dnsOverrides section.

 

API request (CREATE):

 

curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/webapp/" < file.xml

 

Note: “file.xml” contains the request POST data.

 

Request POST data:

 

<ServiceRequest>
   <data>
      <WebApp>
         <name><![CDATA[My Web App]]></name>
         <url><![CDATA[http://test.com]]></url>
         <scope>ALL</scope>
         <defaultScanner>
            <type>EXTERNAL</type>
         </defaultScanner>
         <scannerLocked>false</scannerLocked>
         <dnsOverrides>
            <set>
               <DnsOverride>
                  <id>2022</id>
               </DnsOverride>
            </set>
         </dnsOverrides>
         <useRobots>IGNORE</useRobots>
         <useSitemap>false</useSitemap>
         <malwareMonitoring>false</malwareMonitoring>
      </WebApp>
   </data>
</ServiceRequest>

 

Updated response from WebApp GET


When a web application has default DNS override settings defined, the new dnsOverrides element lists the record(s) containing the DNS override settings.


API request:

 

curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/get/was/webapp/2508873"

 

Scan API

 

Updated XSD: scan.xsd, wasscan.xsd

 

New attribute for Scan LAUNCH

 

Use the new dnsOverride element to specify DNS override settings, one or more records.

 

API request:

 

curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @-  "https://qualysapi.qualys.com/qps/rest/3.0/launch/was/wasscan" < file.xml

Note: “file.xml” contains the request POST data.

 

Request POST data:

 

<ServiceRequest>

   <data>

      <WasScan>

         <name><![CDATA[Launch Scan from API with DNS Override)]]></name>

         <type>VULNERABILITY</type>

         <target>

            <webApp>

               <id>2461682</id>

            </webApp>

            <scannerAppliance>

               <type>EXTERNAL</type>

            </scannerAppliance>

            <dnsOverride><id>3220</id></dnsOverride>

         </target>

         <profile><id>395933</id></profile>

      </WasScan>

   </data>

</ServiceRequest>

 

Updated response from Scan GET

 

When a scan has DNS override settings defined, the dnsOverride element lists DNS override settings (record) to be used for scanning.

 

API request:

 

curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/get/was/wasscan/1381602"

 

Scan Schedule API

 

Updated XSD: schedule.xsd, wasscanschedule.xsd

 

New attribute for Schedule CREATE and UPDATE


Use the new dnsOverride element to specify DNS override settings.

 

API request (CREATE):

 

curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @-  "https://qualysapi.qualys.com/qps/rest/3.0/create/was/wasscanschedule" < file.xml

 

Request POST data:

 

<ServiceRequest>

<data>

   <WasScanSchedule>

     <name><![CDATA[My Scan Schedule]]></name>

     <type>VULNERABILITY</type>

     <active>false</active>   

     <scheduling>

        <!--<cancelTime>15:00</cancelTime> -->

        <cancelAfterNHours>7</cancelAfterNHours>

       <startDate>2013-09-30T13:11:00Z</startDate>

       <timeZone>

         <code>America/Dawson</code>

       </timeZone>

       <occurrenceType>ONCE</occurrenceType>

     </scheduling>

     <target>

            <webApp>

               <id>2461682</id>

            </webApp>

       <scannerAppliance>

         <type>EXTERNAL</type>

       </scannerAppliance>

       <cancelOption>DEFAULT</cancelOption>

       <dnsOverride><id>3220</id></dnsOverride>

     </target>

     <profile>

        <id>395933</id>

     </profile>

   </WasScanSchedule>

</data>

</ServiceRequest>

 

API request (UPDATE):

 

curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @-  "https://qualysapi.qualys.com/qps/rest/3.0/update/was/wasscanschedule/340194" < file.xml

 

Request POST data:

 

<ServiceRequest>

<data>

   <WasScanSchedule>

       <target>

         <dnsOverride><id>3220</id></dnsOverride>

     </target>

   </WasScanSchedule>

</data>

</ServiceRequest>

 

Updated response from Schedule GET


When a scan schedule has DNS override settings defined, the dnsOverride element lists the DNS override settings to be used for scanning.

 

API request:

 

curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/get/was/wasscanschedule/340194" < file.xml

 

Request POST data:

 

<ServiceRequest>

<data>

   <WasScanSchedule>

       <target>

         <dnsOverride><id>3220</id></dnsOverride>

     </target>

   </WasScanSchedule>

</data>

</ServiceRequest>

 

Disable Scan Complete Notification

 

By default we’ll send email notifications to users when a scan completes. Now you can disable this notification when making a request to launch a scan or schedule a scan. Using the WAS API, just specify <sendMail>false</sendMail> as shown below for your scan or schedule request.

 

Scan API Update

 

Updated XSD: scan.xsd, wasscan.xsd

 

New attribute for Scan LAUNCH

 

Use the new sendMail attribute to disable scan complete email notifications.

 

API request:

 

curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @-  "https://qualysapi.qualys.com/qps/rest/3.0/launch/was/wasscan" < file.xml

 

Note: “file.xml” contains the request POST data.

 

Request POST data:

 

<ServiceRequest>

  <data>

    <WasScan>

      <name><![CDATA[My Vulnerability Scan]]></name>

      <type>VULNERABILITY</type>

      <target>

        <webApp>

          <id>2376280</id>

        </webApp>

        <scannerAppliance>

          <type>EXTERNAL</type>

        </scannerAppliance>

        <cancelOption>DEFAULT</cancelOption>

      </target>

       <sendMail>false</sendMail>

    </WasScan>

  </data>

</ServiceRequest>

 

Update to Scan GET

 

New sendMail element in the XML output.

 

API request:

 

curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/get/was/wasscan/1382978"

 

Scan Schedule API

 

Updated XSD: schedule.xsd, wasscanschedule.xsd

 

New attribute for Schedule CREATE and UPDATE


Use the new sendMail attribute to disable scan complete email notifications.

 

API request (UPDATE):

 

curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @-  "https://qualysapi.qualys.com/qps/rest/3.0/update/was/wasscanschedule" < file.xml

 

Request POST data:

 

<ServiceRequest>

  <data>

    <WasScanSchedule>

      <notification>

        <active>true</active>

        <delay>

          <nb>4</nb>

          <scale>DAY</scale>

        </delay>

        <recipients>

          <set>

            <EmailAddress><![CDATA[name1@company.com]]></EmailAddress>

            <EmailAddress><![CDATA[name2@company.com]]></EmailAddress>

            <EmailAddress><![CDATA[name3@company.com]]></EmailAddress>

          </set>

        </recipients>

        <message><![CDATA[The schedule notification message]]></message>      

      </notification>

       <sendMail>false</sendMail>

    </WasScanSchedule>

  </data>

</ServiceRequest>

 

Update to Schedule GET

 

New sendMail element in the XML output.

 

API request:

 

curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/get/was/wasscanschedule/1688" < file.xml

 

Custom Attributes for Web Apps


WAS 4.3 gives you the ability to assign custom attributes to your web applications. Using the WebApp API you can add, update and search custom attributes.

 

Web App API

 

Updated XSD: webapp.xsd

 

Web App SEARCH supports searching custom attributes

 

Search custom attributes using the new field attribute for the Criteria element.

 

API request:

 

curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/search/was/webapp" < file.xml

 

Note: “file.xml” contains the request POST data.

 

Request POST data (CONTAINS):

 

Find web applications that have a custom attribute named “Function” whose value contains “web” (case-insensitive search).

 

<ServiceRequest>

       <filters>

         <Criteria field="attributes" name="Function"  operator="CONTAINS">web</Criteria>

       </filters>

</ServiceRequest>

 

Request POST data (EQUALS):

 

Find web applications that have a custom attribute named “Function” whose value is equal to “web”.

 

<ServiceRequest>

       <filters>

         <Criteria field="attributes" name="Function" operator="EQUALS">web</Criteria>

       </filters>

</ServiceRequest>

 

Request POST data (NOT EQUALS):

 

Find web applications that have a custom attribute named “Function” whose value is not equal to “web”.

 

<ServiceRequest>

       <filters>

         <Criteria field="attributes" name="Function" operator="NOT EQUALS">web</Criteria>

       </filters>

</ServiceRequest>

 

New section for WebApp CREATE

 

When custom attributes are defined they appear in the XML output in the new attributes element.

 

API request (CREATE):

 

Create a new web app with custom attributes.

 

curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/webapp/" < file.xml

 

Note: “file.xml” contains the request POST data.

 

Request POST data:

 

<ServiceRequest>

  <data>

    <WebApp>

        <name><![CDATA[Custom Attribute via API]]></name>

        <url><![CDATA[http://funkytown.vuln.qa.qualys.com:80/updated_web_app_name/]]></url>

        <attributes>

            <set>

            <Attribute>

             <name>Custom key 1</name>

             <value><![CDATA[Custom value 1]]></value>

            </Attribute>

            </set>

        </attributes>

    </WebApp>

   </data>

</ServiceRequest>


New section for WebApp UPDATE

 

Add, update and remove attribute names and values using the new input attribute “attributes”.

 

API request (UPDATE sample 1):

 

Modify existing custom attribute value.

 

curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/update/was/webapp/2514679" < file.xml

 

Note: “file.xml” contains the request POST data.

 

Request POST data:

 

<ServiceRequest>

  <data>

        <WebApp>

            <attributes>

                <update>

                    <Attribute>

                     <name>Custom key 1</name>

                     <value><![CDATA[Custom value 2]]></value>

                    </Attribute>

                </update>

            </attributes>

        </WebApp>

  </data>

</ServiceRequest>

 

API request (UPDATE sample 2):

 

Add new custom attribute value.

 

curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/update/was/webapp/2514679" < file.xml

 

Note: “file.xml” contains the request POST data.

 

Request POST data:

 

<ServiceRequest>

  <data>

        <WebApp>

            <attributes>

                <add>

                    <Attribute>

                     <name>Custom key 3</name>

                     <value><![CDATA[Custom value 3]]></value>

                    </Attribute>

                </add>

            </attributes>

        </WebApp>

  </data>

</ServiceRequest>

 

API request (UPDATE sample 3):


Remove existing custom attribute value.

 

curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/update/was/webapp/2514679" < file.xml

 

Note: “file.xml” contains the request POST data.

 

Request POST data:

 

<ServiceRequest>

  <data>

        <WebApp>

            <attributes>

                <remove>

                    <Attribute>

                     <name>Custom key 3</name>

                    </Attribute>

                </remove>

            </attributes>

        </WebApp>

  </data>

</ServiceRequest>
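The three UPDATE samples above can be generated from a comparison of the attributes a web app has now with the attributes it should have. The following is an added example, not code from Qualys: the function names and sample dictionaries are constructed, and placing several Attribute entries under one add/update/remove element is an assumption. The XML library entity-escapes values instead of wrapping them in CDATA, which is equivalent for an XML parser and keeps characters such as < or ]]> in a value from altering the request structure.

```python
import xml.etree.ElementTree as ET

# Constructed sample data using the attribute names from the samples above.
CURRENT = {"Custom key 1": "Custom value 1", "Custom key 3": "Custom value 3"}
DESIRED = {"Custom key 1": "Custom value 2", "Owner": "R&D <web> ]]>"}


def build_request(operation, attrs):
    """Build one WebApp UPDATE body: <attributes><add|update|remove>."""
    if operation not in ("add", "update", "remove"):
        raise ValueError(f"unsupported attributes operation: {operation!r}")
    root = ET.Element("ServiceRequest")
    web_app = ET.SubElement(ET.SubElement(root, "data"), "WebApp")
    op = ET.SubElement(ET.SubElement(web_app, "attributes"), operation)
    # Assumption: one operation element may carry several <Attribute> entries.
    for name, value in attrs:
        attribute = ET.SubElement(op, "Attribute")
        ET.SubElement(attribute, "name").text = name
        if operation != "remove":
            # ElementTree escapes &, < and > in text, so a value cannot
            # close the element or inject extra markup into the request.
            ET.SubElement(attribute, "value").text = value
    return ET.tostring(root, encoding="unicode")


def plan_attribute_requests(current, desired):
    """Return [(operation, request_xml)] that moves `current` to `desired`."""
    add = [(k, v) for k, v in sorted(desired.items()) if k not in current]
    update = [(k, v) for k, v in sorted(desired.items())
              if k in current and current[k] != v]
    remove = [(k, None) for k in sorted(current) if k not in desired]
    plan = []
    for operation, attrs in (("add", add), ("update", update), ("remove", remove)):
        if attrs:  # skip operations with nothing to do
            plan.append((operation, build_request(operation, attrs)))
    return plan


if __name__ == "__main__":
    # Each body would be sent as file.xml to .../update/was/webapp/<id>.
    for operation, body in plan_attribute_requests(CURRENT, DESIRED):
        print(operation, body, sep="\n", end="\n\n")
```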


A new release of Qualys WAS, Version 4.3 which includes API updates, is targeted for release in October. The specific day will differ depending on the platform.  See platform release dates for more information.  The updated APIs for WAS 4.3 enhance the ability to fully automate and integrate the Qualys WAS solution with other customer applications.  WAS APIs enable customers to perform all the major functions within WAS including creating web applications to scan, launching and scheduling scans, and running and retrieving reports.  The APIs enable custom integrations with GRC tools, bug tracking systems and web application firewalls (WAFs) just to name a few.

 

 

This API notification provides an early preview into the coming API changes in Qualys WAS 4.3, allowing you to proactively identify any changes that might be required for your automated scripts or programs that utilize the API methods.


 

API Enhancements

 

Scan Status Enhancements


We’ve improved the reporting of scan status to help users better understand scan status. Enhancements include:

 

“Time Limit Exceeded” has been changed to "Time Limit Reached"

The status “Time Limit Exceeded” is no longer used.


Updated Status “No Web Service Detected”

We will now report this status when QID 150111 is reported in the scan results (element WEB_SITE/IGS/IG/QID).


New Status “Service Errors Detected”

This new status tells you the scan stopped before completion due to service errors related to timeouts during the scan, for example exceeding connection timeouts/error threshold.


New Status “Scan Internal Error”

This new status tells you the scan encountered an unexpected and unrecoverable error, which forced it to stop assessment.

 

 

Scan API

 

Updated XSD: scan.xsd/wasscan.xsd

 

New filters for Scan COUNT, Scan SEARCH

 

Include scans with the new statuses using the resultsStatus filter.

 

New values for resultsStatus

TIME_LIMIT_REACHED: Include scans with scan status “Time Limit Reached”. Previous filter TIME_LIMIT_EXCEEDED is no longer valid.

SERVICE_ERROR: Include scans with scan status “Service Errors Detected”.

SCAN_INTERNAL_ERROR: Include scans with scan status “Scan Internal Error”.

 


Sample for Scan COUNT

API request:

 

curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @-  "https://qualysapi.qualys.com/qps/rest/3.0/count/was/wasscan" < file.xml

 

Note: “file.xml” contains the request POST data.

 

Request POST data:

 

<ServiceRequest>

  <filters>

      <Criteria field="resultsStatus" operator="IN">SERVICE_ERROR, SCAN_INTERNAL_ERROR</Criteria>

  </filters>

</ServiceRequest>

 

Response:

 

<?xml version="1.0" encoding="UTF-8"?>

<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">

    <responseCode>SUCCESS</responseCode>

    <count>38</count>

</ServiceResponse>

 

Updated response from Scan SEARCH, Scan GET

 

The resultsStatus element in the XML output now reports one of the new scan status values as appropriate: TIME_LIMIT_REACHED, SERVICE_ERROR, SCAN_INTERNAL_ERROR.

 

Sample for Scan SEARCH

 

Request POST data:

 

<ServiceRequest>

  <filters>

      <Criteria field="resultsStatus" operator="IN">SERVICE_ERROR, SCAN_INTERNAL_ERROR, TIME_LIMIT_REACHED</Criteria>

      <Criteria field="id" operator="IN">1352324,1327378,1353021</Criteria>

  </filters>

</ServiceRequest>

 

Response:

 

<?xml version="1.0" encoding="UTF-8"?>

<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">

  <responseCode>SUCCESS</responseCode>

  <count>3</count>

  <hasMoreRecords>false</hasMoreRecords>

  <data>

    <WasScan>

      <id>1327378</id>

      <name><![CDATA[TLE Test]]></name>

      <reference>was/1438303380031.1842885</reference>

      <type>VULNERABILITY</type>

      <mode>ONDEMAND</mode>

      <multi>false</multi>

      <target>

        <webApp>

          <id>1901948</id>

          <name><![CDATA[My Web App WAF]]></name>

          <url><![CDATA[http://10.10.26.238/waf]]></url>

        </webApp>

        <scannerAppliance>

          <type>EXTERNAL</type>

        </scannerAppliance>

        <cancelOption>SPECIFIC</cancelOption>

      </target>

      <profile>

        <id>69923</id>

        <name><![CDATA[My Profile 23]]></name>

      </profile>

      <launchedDate>2015-07-31T00:43:00Z</launchedDate>

      <launchedBy>

        <id>4354</id>

        <username>acme_ab1</username>

        <firstName><![CDATA[John]]></firstName>

        <lastName><![CDATA[Smith]]></lastName>

      </launchedBy>

      <status>FINISHED</status>

      <summary>

        <crawlDuration>141</crawlDuration>

        <testDuration>47</testDuration>

        <linksCrawled>30</linksCrawled>

        <nbRequests>3466</nbRequests>

        <resultsStatus>TIME_LIMIT_REACHED</resultsStatus>

        <authStatus>NONE</authStatus>

        <os>Linux 2.4-2.6 / Embedded Device / F5 Networks Big-IP</os>

      </summary>

    </WasScan>

    <WasScan>

      <id>1352324</id>

      <name><![CDATA[Schedule proxy Internal - Proxy out of scope to subuser]]></name>

      <reference>was/1441617604130.1847313</reference>

      <type>VULNERABILITY</type>

      <mode>SCHEDULED</mode>

      <multi>false</multi>

      <target>

        <webApp>

          <id>2309688</id>

          <name><![CDATA[My Web App BOQ]]></name>

          <url><![CDATA[http://10.10.26.238/boq/]]></url>

        </webApp>

        <scannerAppliance>

          <type>INTERNAL</type>

          <friendlyName><![CDATA[acme_sa1]]></friendlyName>

        </scannerAppliance>

        <proxy>

          <id>1425</id>

          <name><![CDATA[My Proxy]]></name>

          <url><![CDATA[http://10.10.10.11]]></url>

        </proxy>

      </target>

      <profile>

        <id>270541</id>

        <name><![CDATA[My Profile 41]]></name>

      </profile>

      <launchedDate>2015-09-07T09:20:04Z</launchedDate>

      <launchedBy>

        <id>4355</id>

        <username>qualys_ag2</username>

        <firstName><![CDATA[Alan]]></firstName>

        <lastName><![CDATA[Green]]></lastName>

      </launchedBy>

      <status>FINISHED</status>

      <summary>

        <crawlDuration>774</crawlDuration>

        <testDuration>4</testDuration>

        <linksCrawled>300</linksCrawled>

        <nbRequests>2785</nbRequests>

        <resultsStatus>SERVICE_ERROR</resultsStatus>

        <authStatus>NONE</authStatus>

        <os>Linux 2.4-2.6 / Embedded Device / F5 Networks Big-IP</os>

      </summary>

    </WasScan>

    <WasScan>

      <id>1353021</id>

      <name><![CDATA[Sched Vulnerability Scan - 2.7.0.10 WA - 2015-Mar-09]]></name>

      <reference>was/1441488303443.1847104</reference>

      <type>VULNERABILITY</type>

      <mode>SCHEDULED</mode>

      <multi>false</multi>

      <target>

        <webApp>

          <id>2284474</id>

          <name><![CDATA[My Web App 238]]></name>

          <url><![CDATA[http://10.10.26.238]]></url>

        </webApp>

        <scannerAppliance>

          <type>EXTERNAL</type>

        </scannerAppliance>

      </target>

      <profile>

        <id>139359</id>

        <name><![CDATA[My Profile 59]]></name>

      </profile>

      <launchedDate>2015-09-05T21:25:03Z</launchedDate>

      <launchedBy>

        <id>4354</id>

        <username>acme_ag2</username>

        <firstName><![CDATA[Alan]]></firstName>

        <lastName><![CDATA[Green]]></lastName>

      </launchedBy>

      <status>FINISHED</status>

      <summary>

        <resultsStatus>SCAN_INTERNAL_ERROR</resultsStatus>

        <authStatus>NONE</authStatus>

      </summary>

    </WasScan>

  </data>

</ServiceResponse>
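All three scans in the response above report status FINISHED, so automation that consumes scan results needs to read summary/resultsStatus to tell a complete assessment from one that stopped early. The following is an added example, not code from Qualys: it triages a Scan SEARCH response by resultsStatus and rewrites the retired TIME_LIMIT_EXCEEDED filter value in an existing request. The function names, the trimmed sample response, scan id 9000001 and its SUCCESSFUL value are constructed or assumed.

```python
import xml.etree.ElementTree as ET

# resultsStatus values named in this notification, with their status text.
INCOMPLETE = {
    "TIME_LIMIT_REACHED": "Time Limit Reached",
    "SERVICE_ERROR": "Service Errors Detected",
    "SCAN_INTERNAL_ERROR": "Scan Internal Error",
}
# Filter value that is no longer valid in WAS 4.3, and its replacement.
RENAMED = {"TIME_LIMIT_EXCEEDED": "TIME_LIMIT_REACHED"}

# Constructed sample: the three scans from the response above, trimmed, plus
# one constructed scan (id 9000001) whose SUCCESSFUL value is an assumption.
SAMPLE_RESPONSE = b"""<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse>
  <responseCode>SUCCESS</responseCode>
  <count>4</count>
  <hasMoreRecords>false</hasMoreRecords>
  <data>
    <WasScan><id>1327378</id><status>FINISHED</status>
      <summary><resultsStatus>TIME_LIMIT_REACHED</resultsStatus></summary></WasScan>
    <WasScan><id>1352324</id><status>FINISHED</status>
      <summary><resultsStatus>SERVICE_ERROR</resultsStatus></summary></WasScan>
    <WasScan><id>1353021</id><status>FINISHED</status>
      <summary><resultsStatus>SCAN_INTERNAL_ERROR</resultsStatus></summary></WasScan>
    <WasScan><id>9000001</id><status>FINISHED</status>
      <summary><resultsStatus>SUCCESSFUL</resultsStatus></summary></WasScan>
  </data>
</ServiceResponse>"""

# Constructed pre-4.3 filter that still uses the retired value.
OLD_REQUEST = """<ServiceRequest>
  <filters>
    <Criteria field="resultsStatus" operator="IN">TIME_LIMIT_EXCEEDED, SERVICE_ERROR</Criteria>
  </filters>
</ServiceRequest>"""


def triage_scans(response_xml):
    """Split scans into incomplete/other by summary/resultsStatus, not status."""
    root = ET.fromstring(response_xml)
    code = root.findtext("responseCode")
    if code != "SUCCESS":
        raise ValueError(f"WAS API returned responseCode={code!r}")
    result = {"incomplete": [], "other": [],
              "has_more": root.findtext("hasMoreRecords") == "true"}
    for scan in root.iterfind("data/WasScan"):
        results_status = scan.findtext("summary/resultsStatus")
        record = {"id": scan.findtext("id"), "status": scan.findtext("status"),
                  "resultsStatus": results_status}
        if results_status in INCOMPLETE:
            record["meaning"] = INCOMPLETE[results_status]
            result["incomplete"].append(record)
        else:
            result["other"].append(record)
    return result


def migrate_filter(request_xml):
    """Rewrite retired resultsStatus filter values; return (new_xml, changed)."""
    root = ET.fromstring(request_xml)
    changed = False
    for criteria in root.iterfind("filters/Criteria"):
        if criteria.get("field") != "resultsStatus" or not criteria.text:
            continue
        old = [v.strip() for v in criteria.text.split(",")]
        # Map retired names, then drop duplicates while keeping order.
        new = list(dict.fromkeys(RENAMED.get(v, v) for v in old))
        if new != old:
            criteria.text = ", ".join(new)
            changed = True
    return ET.tostring(root, encoding="unicode"), changed


if __name__ == "__main__":
    for scan in triage_scans(SAMPLE_RESPONSE)["incomplete"]:
        print(scan["id"], scan["status"], scan["meaning"])
    print(migrate_filter(OLD_REQUEST)[0])
```

When has_more is true, the response is only one page of results and the triage covers only the scans on that page.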

 

Sample for Scan GET Output (for SCAN_INTERNAL_ERROR)

 

Response:

 

<?xml version="1.0" encoding="UTF-8"?>

<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/scan.xsd">

  <responseCode>SUCCESS</responseCode>

  <count>1</count>

  <data>

    <WasScan>

      <id>1353021</id>

      <name><![CDATA[Sched Vulnerability Scan - 2.7.0.10 WA - 2015-Mar-09]]></name>

      <reference>was/1441488303443.1847104</reference>

      <type>VULNERABILITY</type>

      <mode>SCHEDULED</mode>

      <progressiveScanning>true</progressiveScanning>

      <multi>false</multi>

      <target>

        <webApp>

          <id>2284474</id>

          <name><![CDATA[My Web App 238]]></name>

          <url><![CDATA[http://10.10.26.238]]></url>

        </webApp>

        <scannerAppliance>

          <type>EXTERNAL</type>

        </scannerAppliance>

      </target>

      <profile>

        <id>139359</id>

        <name><![CDATA[My Profile 59]]></name>

      </profile>

      <options>

        <count>14</count>

        <list>

          <WasScanOption>

            <name>Web Application Authentication Record Name</name>

            <value><![CDATA[None]]></value>

          </WasScanOption>

          <WasScanOption>

            <name>Sensitive Content: Credit Card Numbers</name>

            <value><![CDATA[false]]></value>

          </WasScanOption>

          <WasScanOption>

            <name>Performance Settings</name>

            <value><![CDATA[LOW]]></value>

          </WasScanOption>

          <WasScanOption>

            <name>Scanner Appliance</name>

            <value><![CDATA[External (IP: 10.10.21.160, Scanner: 7.14.37-1, WAS: 3.9.50-1, Signatures: 2.3.30-1)]]></value>

          </WasScanOption>

          <WasScanOption>

            <name>Detection Scope</name>

            <value><![CDATA[COMPLETE]]></value>

          </WasScanOption>

          <WasScanOption>

            <name>Crawling Form Submissions</name>

            <value><![CDATA[BOTH]]></value>

          </WasScanOption>

          <WasScanOption>

            <name>Bruteforce Settings</name>

            <value><![CDATA[EXHAUSTIVE]]></value>

          </WasScanOption>

          <WasScanOption>

            <name>Option Profile Name</name>

            <value><![CDATA[10 Links edit]]></value>

          </WasScanOption>

          <WasScanOption>

            <name>Maximum Crawling Links</name>

            <value><![CDATA[10]]></value>

          </WasScanOption>

          <WasScanOption>

            <name>Web Application Name</name>

            <value><![CDATA[My Web App]]></value>

          </WasScanOption>

          <WasScanOption>

            <name>Request Parameter Set</name>

            <value><![CDATA[My Parameter Set]]></value>

          </WasScanOption>

          <WasScanOption>

            <name>Sensitive Content: Social Security Numbers (US)</name>

            <value><![CDATA[false]]></value>

          </WasScanOption>

          <WasScanOption>

            <name>Cancel At</name>

            <value><![CDATA[1441557900000]]></value>

          </WasScanOption>

          <WasScanOption>

            <name>Target URL</name>

            <value><![CDATA[http://10.10.26.238]]></value>

          </WasScanOption>

        </list>

      </options>

      <launchedDate>2015-09-05T21:25:03Z</launchedDate>

      <launchedBy>

        <id>4354</id>

        <username>acme_ag2</username>

        <firstName><![CDATA[Alan]]></firstName>

        <lastName><![CDATA[Green]]></lastName>

      </launchedBy>

      <status>FINISHED</status>

      <scanDuration>171606</scanDuration>

      <summary>

        <resultsStatus>SCAN_INTERNAL_ERROR</resultsStatus>

        <authStatus>NONE</authStatus>

      </summary>

      <sendMail>true</sendMail>

    </WasScan>

  </data>

</ServiceResponse>

 

Report API

 

Updated XSD: report.xsd

 

For Scorecard Report creation request, you can include scans with the status “Service Errors Detected” by specifying the filters/scanStatus element with the value SERVICE_ERROR.

 

API request:

 

curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/report" < file.xml

 

Note: “file.xml” contains the request POST data.

 

Request POST data:

 

<ServiceRequest>

  <data>

    <Report>

      <name><![CDATA[My Scorecard Report]]></name>

      <description><![CDATA[A simple scorecard report]]> </description>

      <format>PDF</format>

      <type>WAS_SCORECARD_REPORT</type>

      <config>

        <scorecardReport>

          <target>

            <tags>

              <Tag>

                <id>243130</id>

              </Tag>

            </tags>

          </target>

          <display>

            <contents>

              <ScorecardReportContent>DESCRIPTION</ScorecardReportContent>

              <ScorecardReportContent>SUMMARY</ScorecardReportContent>

              <ScorecardReportContent>GRAPHS</ScorecardReportContent>

              <ScorecardReportContent>RESULTS</ScorecardReportContent>

            </contents>

            <graphs>

              <ScorecardReportGraph>VULNERABILITIES_BY_GROUP</ScorecardReportGraph>

              <ScorecardReportGraph>VULNERABILITIES_BY_OWASP</ScorecardReportGraph>

              <ScorecardReportGraph>VULNERABILITIES_BY_WASC</ScorecardReportGraph>

            </graphs>

          <groups>

            <ScorecardReportGroup>GROUP</ScorecardReportGroup>

            <ScorecardReportGroup>OWASP</ScorecardReportGroup>

            <ScorecardReportGroup>WASC</ScorecardReportGroup>

          </groups>

          <options>

            <rawLevels>false</rawLevels>

          </options>

            </display>

            <filters>

                <scanDate>

                <startDate>2014-06-28</startDate>

                <endDate>2014-07-28</endDate>

              </scanDate>

              <scanStatus>SERVICE_ERROR</scanStatus>

              <scanAuthStatus>NONE</scanAuthStatus>

            </filters>

          </scorecardReport>

        </config>

      </Report>

  </data>

</ServiceRequest>

A new release of Qualys WAS, Version 4.2 which includes an API update, is targeted for release in mid July depending on the platform.  See platform release dates at the end of this post  for more information.  The updated APIs for WAS 4.2 enhance the ability to fully automate and integrate the Qualys WAS solution with other customer applications.  WAS APIs enable customers to perform all the major functions within WAS including creating web applications to scan, launching and scheduling scans, and running and retrieving reports.  The APIs enable custom integrations with GRC tools, bug tracking systems and web application firewalls (WAFs) just to name a few.

 

This API notification provides an early preview into the coming API changes in Qualys WAS 4.2, allowing you to proactively identify any changes that might be required for your automated scripts or programs that utilize the API methods.

 

Qualys WAS 4.2 Release Notification - Available July 16th, 2015 on US Platform 1

Qualys WAS 4.2 Release Notification - Available July 13th, 2015 on US Platform 2


 

 

API Enhancements

Updates to Cancel Scan Option (API)

We’ve made updates to the cancel scan option for this release. Now WAS lets you configure a default scan cancel option per web application using the Web App API. Also, when launching or scheduling a scan, you can choose to use the default web app setting or override it with a custom setting using the Scan API and Schedule API.

 

Finding API - New “IS EMPTY” Filter for External References

We’ve added a way to identify findings with empty external references. The new “IS EMPTY” filter can be assigned as an operator to the externalRef field using the Finding API Count and Search methods.

 

Please refer to attached document ( WAS 4.2 API Release Notification.pdf ) for full details.

 
