• WAF Understanding the basic

    Hi guys, I'm new to Qualys WAF platform, we recently bought licence for Qualys WAF, AM, etc. I am having some problems understanding Qualys WAF, so, I have installed it on my virtual platform, success...
    tarik B
    last modified by tarik B
  • Issues in including Selenium script for WAS

    Help me to sort out the below problem.... When we are performing a WAS scan using Selenium script which is created using Qualys recorder when we run a test case manually it is working then when ...
    manikanth
    last modified by manikanth
  • Form submission

    Hello! 1- What is the use of modify form submission for GET, POST, GET&POST, None? 2- The use of changing user agent in option profile?
    Moderan Amoussou
    last modified by Moderan Amoussou
  • QID 150009

    Hello! Can someone explain to me the two numbers beside the word "Finding" when you click on QID 150009? One number is in blue color and the second one is in grey.
    Moderan Amoussou
    last modified by Moderan Amoussou
  • Finding out legacy TLS v1.0

    I need to find out whether a given website still supports TLS v1.0 and tried customizing the default "Core" detection scope in WAS by adding a  "Custom Search Lists".   Unfortunately while adding ...
    Luca Gualteri
    last modified by Luca Gualteri
  • WAS Security Testing of Web Services

    Hello,   Qualys WAS supports basic security testing of SOAP based web services that have a Web Service Description Language (WSDL) file within the scope of the scan.  If WAS identifies a WSDL file that des...
    fmc
    last modified by fmc
  • 150022 Verbose Error Message, Can't reproduce

    I'm receiving 150022 Verbose Error Message vulnerabilities in my WAS scan reports that I'm not able to reproduce.  All 11 of these vulnerabilities are showing a 500 error response "Server Error".   ...
    Bradley Buntin
    last modified by Bradley Buntin
  • Issues running WAS scan on web application that doesn't support IE

    Hi, I have an open case since last week with not much progress but hoping someone here might have an answer. I have 4 web apps to scan that no longer support IE. Selenium script is failing because it can't find the s...
    Matt MacDonald
    last modified by Matt MacDonald
  • Selenium IDE incompatible with Firefox 55

    WAS customers using Selenium scripts should not update to Firefox 55 at this time due to incompatibility with the Selenium IDE extension.   https://seleniumhq.wordpress.com/2017/08/09/firefox-55-and-selenium-ide/
    Dave Ferguson
    last modified by Dave Ferguson
  • MDS uses separate Scanner IP address

    Team, I would like to know whether MDS module uses separate scanner, if so how to find that IP in scan reports. We could see the IP address in WAS reports but not in MDS Reports
    shanmugammanian
    last modified by shanmugammanian
  • New detection for CVE-2017-12611

    Greetings!   A new detection in WAS has been released for CVE-2017-12611.  This CVE is for another serious Apache Struts vulnerability.  In this case, a remote code execution (RCE) is possible when dev...
    Dave Ferguson
    created by Dave Ferguson
  • New detection for CVE-2017-9805

    Hi everyone,   Just letting you know that a new detection in WAS has been released for CVE-2017-9805.  This CVE is for a nasty vulnerability in Apache Struts (yes, another one) that occurs when the Struts R...
    Dave Ferguson
    last modified by Dave Ferguson
  • Qualys WAS Introduces Three New QIDs for Javascript Libraries and Content Management Systems

    Qualys Web Application Scanning (WAS) has added three new QIDs for: the use of Javascript libraries with known vulnerabilities (QID 150162), a listing of Javascript libraries used and detected (QID 150176) and our fir...
    fmc
    created by fmc
  • 150004 Path-Based Vulnerability - possible false detection?

    150004 Path-Based Vulnerability - possible false detection?   I ran the Qualys scan recently and it reported 10 counts of path disclosure.  The vulnerability is showing up because we are getting a response o...
    James Curry
    last modified by James Curry
  • A little frustrated

    Spent 15 minutes manually finding xss problems and 16 hours trying to get WAS to find and report on them. Tried different selenium scripts to find the form (in this case, it was a 'Search:...' box).   I don't th...
    Michael Scheidell
    last modified by Michael Scheidell
  • Qualys WAS - API Access Issue

    Hi Team, This is regarding Qualys WAS APIs. We are trying to run Qualys WAS API using below command: curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/get/was/wasscan/ID" We replaced ID ...
    varun singhal
    last modified by varun singhal
  • Web Application List based on Tag Names

    Hi, I am trying to export WebApplication Lists based on Tags. Please let me know, is there any way we can export all the Webapplications list in one shot with all Tags present in it
    Shanmugam Manian
    last modified by Shanmugam Manian
  • WAS capabilities

    Hi, we have started using WAS.   Will like to ask the support from the community or the Qualys team to explain to what extent Qualys WAS supports analyzing the following technologies that are used in web app...
    marioc
    last modified by marioc
  • Qualys WAS API Client - PrevQAPI

    In the holiday spirit PrevSec is sharing PrevQAPI - a free WAS API command line interface  that enhances the powerful WAS API with additional client-side features. PrevQAPI simplifies some of the most common ...
    Will Bechtel
    created by Will Bechtel
  • New WAS QID 150126 for Links With High Resource Consumption (HTTP Time Bandit)

    Qualys has released a new WAS QID, 150126, to detect links with high resource consumption. Description: Initially presented at DEFCON 21 by Qualys researchers Tigran Gevorgyan and Vaagn Toukharian, HTTP Time Band...
    Steve McBride
    created by Steve McBride