• 3rd party outdated library detections

    Hi All,   I'm trying to find out if there is a way we can find out outdated or vulnerable 3rd party library vulns??   Any inputs are much appreciated.   Thanks, Akash.
    Akash Singh
    created by Akash Singh
  • SameSite Cookie Info

    We were looking to see if Qualys WAS could be used to detect what the SameSite cookie attritube is set to for a given web application. There are some checks in place today around whether cookies contain the secur...
    Donal Scollan
    last modified by Donal Scollan
  • Configuring a Web Application w/ Explicit URLs to Crawl

    I am working on configuring a web application for scanning which requires the use of "Explicit URLs to Crawl" and I'm running to some issues. I'm hoping the community can help point me in the right direction. Please c...
    last modified by sufttwf0dfrvcmjpbgo=
  • How to better manage Qualys WAS for 30 sites that are scanned monthly

    I was giving the responsibility of a Qualys WAS. There are around 30 sites I need to monthly scan, and check alerts. I need to automate all this process so I'm thinking on this Create a script or application that coul...
    D TG
    last modified by D TG
  • How to configure a scan for the application with the "connection not secure page"?

    How to configure a scan for the application with the "connection not secure page"?   I tried to perform the authentication scan using custom method it was successful but only crawled one link and full web app sc...
    Alpha male
    created by Alpha male
  • Enable Symantec VIP MFA for existing users

    Hi All,   I searched the website but couldn't find a guidance over this. Basically I would like to enforce VIP MFA to my users in Qualys. We only have admin access to WAS, we can manage our own user environment....
    Burhan Cimen
    last modified by Burhan Cimen
  • How to create a WAS-only user

    This article describes how to create a "WAS-only" user with no capabilities in other Qualys modules or products.  This is for the purpose of maintaining least privileges and is typical for developers or QA person...
    Parag Baxi
    last modified by Dave Ferguson
  • Customizing the "Core" Detection Scope

    Some customers have asked how to customize the default "Core" detection scope in WAS (e.g., remove certain QIDs or add others).  This would be accomplished using the "Custom Search Lists" scope as follows.  ...
    Dave Ferguson
    last modified by Dave Ferguson
  • WAS Engine 7.4 Released

    Greetings!  To wrap up 2019, we have released WAS Engine 7.4 to all Qualys platforms including private cloud platforms.  This is part of our ongoing effort to continuously improve the WAS scanning engine. &#...
    Dave Ferguson
    last modified by Dave Ferguson
  • qualys scan showing different vulnerability on each different run

    qualys WAS scan showing different vulnerability on each different run
    Karteek Gande
    last modified by Karteek Gande
  • We have few calculation implemented in Python and how do i scan that.

    From salesforce, we send data to python(Heroku) and perform some calculations and send the response back to salesforce.    How do I scan python related stuff? 
    Karteek Gande
    last modified by Karteek Gande
  • Authentication Status Failed

    Hola, estoy tratando de hacer un scaneo de vulnerabilidades  y me está mandando error de autentificación,  y antes no me lo mandaba, he hecho varios ejercicios antes y está es la 1ra vez...
    Adalberto Cesar
    last modified by Adalberto Cesar
  • Qualys WAS and OWASP Top 10 2017 Coverage

    This PDF document explains how Qualys WAS provides testing coverage for the OWASP Top 10 2017 edition.
    Dave Ferguson
    last modified by Dave Ferguson
  • I have scanned a website, however the result is NULL.

    Any tip on why it is happening? there is no firewall preventing the scanning....and I can see the website's links are being crawled, but after the scan finish, there is no severity. any tip on that?
    Paiva Luiz
    last modified by Paiva Luiz
  • Qualys WAS Update - Portal 2.42

    Greetings all -   A new version of Qualys WAS was recently released.  It is part of Portal 2.42 - aka Qualys Cloud Platform 2.42 release - and it has been deployed to all Qualys shared platforms.  This...
    Dave Ferguson
    last modified by Dave Ferguson
  • we have our automation suite triggering some of these POST requests, so is it possible to instrument Qualys during the automation suite run

    when we ran the Qualys scan for our application, we observed that some URLs are not scanned/triggered, do we know how we can make sure all the HTTP requests are scanned, is it possible to instrument Qualys with our au...
    Karteek Gande
    last modified by Karteek Gande
  • Is it possible to scan a site using two different user-agents ? 

    This would allow us to scan a single URL to access both mobile and non-mobile content.   Thanks
    Robo Scan
    last modified by Robo Scan
  • New Detections Rolling Out for Vulnerable CMSs and CMS Plugins

    In a previous post, we described how Qualys WAS added new informational QIDs to report CMS versions and CMS plugins found on your scanned web applications.  Now, as part of the continuous improvement of the scann...
    Dave Ferguson
    last modified by Dave Ferguson
  • WAF Understanding the basic

    Hi guys,   I m new to Qualys WAF platform, we recently bought licence for Qualys WAF, AM, etc.   I am having some problems understanding Qualys WAF, so , I have installed it on my virtual platform, success...
    tarik B
    last modified by tarik B
  • Web Shell Detection in WAS

    Recently, the WAS scan engine began testing for the presence of known web shells via QID 150239.  This QID is included in Core detection scope.  If a web shell is found, it means the scanned application has ...
    Dave Ferguson
    last modified by Robert Dell'Immagine