Log in to follow, share, and participate in this community. Not a member? Join Now! If i configure a site as specifically HTTPS does the scanner check to see if the site also listens on HTTP ? The same the other way around ? I'd almost expect the site to scan on HTTP... When using the progressive scanning feature in Qualys WAS, you may not be able to tell from the scan list if your web application has been completely scanned or not. You will see the progressive scan count increase ev... Hello, I have a scan to make on a web application. On one of the links of the first application there is a redirection on a tab. I can not get qualys to scan the second application. Is this a problem due to the open... Some customers have asked how to customize the default "Core" detection scope in WAS (e.g., remove certain QIDs or add others). This would be accomplished using the "Custom Search Lists" scope as follows. ... Greetings! WAS Engine 7.2 has been released to all Qualys platforms including private cloud platforms. This release is part of our ongoing effort to continuously improve the WAS scanning engine. Th... Good morning friends, How do I perform a scan on a web application that is on the internal network? Is there any configuration in Qualys so that I can scan hosts from a LAN as I mentioned? Hi, I want to extract report from result of scan web application, I want to extract only severity 3,4 and 5. The first thing I notice, is verry differnt with generating report in vulnerability management. I t... Exceptions are made for managing false-positive or false-negative events. The addition of the Exception subsystem into the Qualys WAF service provides significant flexibility in service management and security policy... Virtual Patches are meant for protecting unitary vulnerabilities that are not already protected by the current WAF Security Policy. Virtual Patching is the first step toward a tight integration between the Qu... WAS and WAF have a common licensing unit: Web Applications. Qualys AssetView is the corner-stone of the WAF integration with WAS. Indeed, in order to cooperate, Qualys WAS and WAF modules need to share a comm... Qualys WAF is a virtual appliance designed for easy and flexible deployment and management. The management of the configuration is done through the cloud-based Qualys Portal, while the deployment is done on premise. Y... In a previous post, we described how Qualys WAS added new informational QIDs to report CMS versions and CMS plugins found on your scanned web applications. Now, as part of the continuous improvement of the scann... I'm not sure why the authentication tests fail with my webapp. The report says the form is found at the DNS link, but the authentication form is actually where the index.php redirects. Anyway, the report fin... I need to find out whether a given website still supports TLS v1.0 and tried customizing the default "Core" detection scope in WAS by adding a "Custom Search Lists". Unfortunately while adding ... Greetings all - A new version of Qualys WAS is now available. It is part of Portal 2.41 - aka Qualys Cloud Platform 2.41 release - and it's being deployed to all Qualys shared platforms over the next fe... Hi Everyone, I am new to Qualys and getting through first hurdles - clean slate, slowly building up my asset collection. I am trying to scan several domains and report supported SSL/TL... We setup our WAS security personnel with permissions limiting them to WAS and Reporting from within Role Management over a year ago. However, during a recent audit, we found that these users actually have access ... When deploying Qualys WAF, the Portal needs to have encryption certificates and keys in the PEM format. However, oftentimes (particularly when using Microsoft servers), you'll see an integrated certificate and k... Qualys WAF includes comprehensive support for encrypted web applications and, while configuration is very simple, there are a few key concepts to keep in mind to properly configure a web application for SSL support. &... We would like to integrate WAS into CI/CD process of Azure DevOps. However, it seems WAS plug-in currently exists only for Jenkins. Can you create a WAS plug-in to integrate into Azure DevOps CICD process?