  • WAS Engine 6.2 Released

    Hello all -   WAS Engine 6.2 has been released to all Qualys platforms including private cloud platforms.  This new release is part of our ongoing effort to continuously improve the WAS scanning engine....
    Dave Ferguson
    last modified by Dave Ferguson
  • New Detection for RCE in Drupal Core 8.5.x and 8.6.x

    Hello all   The Qualys WAS scanning engine has been updated with a new detection for CVE-2019-6340, a remote code execution (RCE) vulnerability in the Drupal CMS.  To exploit this vulnerability, an attacker...
    Dave Ferguson
    last modified by Dave Ferguson
  • New Detection for File Content Disclosure Vulnerability in Ruby on Rails

    Hello all   The Qualys WAS scanning engine has been updated with a new detection for CVE-2019-5418, a serious file content disclosure vulnerability in Ruby on Rails.  Ensure that QID 150237 is enabled in you...
    Dave Ferguson
    last modified by Dave Ferguson
  • WAS Engine 6.5 Released

    Hello all -   WAS Engine 6.5 has been released to all Qualys platforms including private cloud platforms.  This release is part of our ongoing effort to continuously improve the WAS scanning engine.  T...
    Dave Ferguson
    last modified by Dave Ferguson
  • Behaviour Settings Explained

    As part of the WAS options profile, you can define how you want the scanning to handle network and application errors. This is defined in the Behaviour Settings under Scan Parameters.  There are two settings that...
    Ian Johnson
    last modified by Ian Johnson
  • WAS Engine 6.4 Released

    Hello all -   WAS Engine 6.4 has been released to all Qualys platforms including private cloud platforms.  This release is part of our ongoing effort to continuously improve the WAS scanning engine.  T...
    Dave Ferguson
    last modified by Dave Ferguson
  • WAS Engine 6.3 Released

    Hello all -   WAS Engine 6.3 has been released to all Qualys platforms including private cloud platforms.  This new release is part of our ongoing effort to continuously improve the WAS scanning engine....
    Dave Ferguson
    last modified by Dave Ferguson
  • New QID for RCE in Pivotal Spring Data REST package

    Hello all -   The Qualys WAS scanning engine has been updated to include a new detection for a remote code execution (RCE) vulnerability in Pivotal Spring Data REST, a sub-package that is part of the Spring Fram...
    Dave Ferguson
    last modified by Dave Ferguson
  • Two New QIDs Released

    Hello all -   Qualys WAS now includes two new vulnerability detections:   QID 150252 has been released for a cryptographic flaw in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Progress Sitef...
    Dave Ferguson
    last modified by Dave Ferguson
  • WAS Engine 6.0 Released

    Today we are releasing Qualys WAS Engine 6.0 to all Qualys platforms including private cloud platforms.  This is a milestone release that includes an upgrade of the browser engine used internally by WAS.  Th...
    Dave Ferguson
    last modified by Dave Ferguson
  • Firefox ESR and Selenium IDE

    23-APR-2018 UPDATE Qualys Browser Recorder - a Chrome extension - is now available from the Chrome Web Store.  Qualys Browser Recorder (QBR) takes the place of Selenium IDE for Qualys WAS customers.  Just l...
    Dave Ferguson
    last modified by Dave Ferguson
  • WAS Engine 6.1 Released

    WAS Engine 6.1 has been released to all Qualys platforms including private cloud platforms.  This new release is part of our ongoing effort to continuously improve the WAS scanning engine.  This update inclu...
    Dave Ferguson
    last modified by Dave Ferguson
  • New QID for Latest RCE in Apache Struts

    Hello all -   The Qualys WAS scanning engine has been updated with a new detection for CVE-2018-11776.  This is a serious remote code execution (RCE) vulnerability found in Apache Struts.  Specifically...
    Dave Ferguson
    last modified by Dave Ferguson
  • Qualys Web Application Scanning Video Series

    Self-Paced Training » The Qualys Web Application Scanning (WAS) Video Series walks you through how to scan and report on web application vulnerabilities.  Overview (9 mins)...
    Robert Dell'Immagine
    last modified by Dave Ferguson
  • What happened to "Complete" detection scope?

    Since the beginning of time in Qualys WAS, the default detection scope has been Complete.  All vulnerability detections (QIDs) were included in the scan by default.  This is what it looked like in the option...
    Dave Ferguson
    last modified by Dave Ferguson
  • WAS and Newly Discovered Drupal Vulnerability

    Hello all -   A new advisory about a remote code execution vulnerability in Drupal CMS was just published. This is a very dangerous vulnerability for which Mitre has assigned CVE-2018-7600.   The following...
    Dave Ferguson
    last modified by Dave Ferguson
  • New QID for Apache Struts "ParametersInterceptor" Flaw

    Hello all -   The Qualys WAS scanning engine has been updated to include a new detection for an Apache Struts remote code execution (RCE) vulnerability.  This is part of an ongoing effort to provide compreh...
    Dave Ferguson
    last modified by Dave Ferguson
  • Web Application Scanning through CDN-based WAF

    Customers that utilize a Content Delivery Network (CDN) based Web Application Firewall (WAF) may experience a degradation of Web Application Scanning accuracy when Qualys IP ranges are not white-listed.   Web ap...
    John Delaroderie
    last modified by John Delaroderie
  • New QID for detecting RCE in WebLogic Server

    Hello all -   The Qualys WAS scanning engine has been updated with a new vulnerability detection for a serious flaw in Oracle's WebLogic Server.  Specifically, we are talking about CVE-2017-10271.  If ...
    Dave Ferguson
    last modified by Dave Ferguson
  • New QIDs for Identifying Content Management Systems (CMS) and Plugins

    A Content Management System (CMS) is a platform for quickly creating and deploying web applications.  Three of the most popular CMSs are WordPress, Joomla, and Drupal.  Many third-party plugins that provide ...
    Dave Ferguson
    last modified by Dave Ferguson