• Scanning a SOAP webservice for vulnerabilities

    I tried running a Qualys web application scan on below WSDL http://www.myorg.com/services/Handling?WSDL and received the error message   "Failed to parse the WSDL due to following error in the WSDL. Schema Pa...
    Steve P
    last modified by Steve P
  • New QID for vulnerabilities in Oracle WebLogic Server

    The WebLogic Server product of Oracle Middleware Fusion is widely used as a middle-tier application server to run Java web applications.  Recently, Oracle released their Critical Patch Update for April 2020 that ...
    Dave Ferguson
    last modified by Dave Ferguson
  • User Agent - what to insert there for source identification

    Hello again. I would like to help the technical team identify the source of the Qualys queries. What do you think about idea to add some special words in "User agent" field like "Mozilla/5.0 (Qualys scan ....)"?...
    pawelpietrzynski
    last modified by pawelpietrzynski
  • How Qualys works?

    Hello All. I have one question related to the “intelligence” of Qualys approach to the scans. Will the Qualys use QID related to the e.g. WordPress if the web site will be used Joomla CMS? I would like to ...
    pawelpietrzynski
    last modified by pawelpietrzynski
  • API Testing with Postman Collections

    This article describes how to set up vulnerability scanning of your API using Qualys WAS with a Postman Collection.  Initial support for Postman Collections in WAS was released in October 2019.   Postman Col...
    Ed Arnold
    last modified by Ed Arnold
  • Qualys WAS Connector for Bamboo

    We are pleased to announce that the Qualys WAS Connector for Bamboo is now available.  Bamboo by Atlassian is a popular commercial CI/CD tool. The Qualys WAS Connector for Bamboo is a native plugin for Bamboo tha...
    Dave Ferguson
    last modified by Dave Ferguson
  • BrowserCheck FAQ

    About Qualys BrowserCheck The threat of browser-based data breaches is growing. The number of vulnerabilities in browser plugins is on the rise. Now is the time to be proactive about the security of your web browser. ...
    bharfoush
    last modified by Robert Dell'Immagine
  • API Access to Vulnerability History status

    Hi - Revisiting a previous topic with a slightly different question. When i look at a Web Application Report online, select the Vulnerabilities section, I can see a list of vulnerabilities with various ...
    wkolatac
    last modified by wkolatac
  • WAS Scan Optimization

    When performing Web Application Scanning with Qualys WAS, you may experience long scan times or a Time Limit Reached status triggered by QID 150024 - Scan Time Limit Reached. To improve scan times in those situations,...
    Ed Arnold
    last modified by Ed Arnold
  • WAS Engine 7.8 Released

    Greetings!  This is to announce that WAS Engine 7.8 has been released to all Qualys platforms including private cloud platforms.  This release is part of our ongoing effort to continuously improve the WAS sc...
    Dave Ferguson
    last modified by Dave Ferguson
  • Web Service Scanning - DataPower Authentication SoapHeader

    Hello,   I am attempting to scan some web services by providing the WSDL links. All the scans are returning 500 errors due to bad authentication. These services reside behind a dataPower proxy that requires a SO...
    Ryan M
    last modified by Ryan M
  • Qualys scan on application using Federated login ?

    Hello Experts,                      I need to scan an application which has Federated login and it does not prompt the User for any user id or password parameter...
    ramesh r
    created by ramesh r
  • API Testing with Swagger / OpenAPI

    The Qualys Web Application Scanning module allows users to scan APIs in addition to traditional web applications.  This article will examine testing an API that adheres to the OpenAPI Specification through the us...
    John Delaroderie
    last modified by John Delaroderie
  • Viewing Web Application Response Headers For Validating QIDs

    Introduction Whether you are manually validating QIDs for web application response headers or need to obtain an authorization token for header injection in your WAS scan, there are several ways you can extract them fr...
    John Delaroderie
    last modified by John Delaroderie
  • Web Application Scanning - Controlling Links Crawled with Explicit URLs, Redundant Links, Black Lists, and White Lists

    Qualys WAS offers many options to control what URLs are crawled and tested during a Web Application Scan.  However, customers can potentially misconfigure their web application configuration and end up scanning U...
    John Delaroderie
    last modified by John Delaroderie
  • Web Application Vulnerability scan

    bonjour Je suis Bamba DIOUF Directeur des Opérations à ACCEL Technologies à Dakar / SENEGAL. Je souhaite réaliser pour un client un scan de vulnérabilité sur une application...
    Bamba DIOUF
    last modified by Bamba DIOUF
  • Qualys WAS Connector for Jenkins

    The Qualys Web App Scanning Connector for Jenkins is a native plugin for Jenkins that empowers DevOps teams to automate dynamic application vulnerability scans into their CI/CD processes.  By integrating and auto...
    Dave Ferguson
    last modified by Dave Ferguson
  • Qualys WAS Connector for TeamCity

    We are pleased to announce that the Qualys WAS Connector for TeamCity is now available.  TeamCity by JetBrains is a popular commercial CI/CD tool.  The Qualys WAS Connector for TeamCity is a native plugin fo...
    Dave Ferguson
    last modified by Dave Ferguson
  • WAS - All detections for web application with a tag "PROD"

    All my web applications are tagged with "PROD".   Is there a way to pull all finding (detection's) for web application with given tag?   https://{{base_url}}/qps/rest/3.0/get/was/finding/   <Servi...
    Tom S
    last modified by Tom S
  • WAS Engine 7.7 Released

    Greetings!  This is to announce that WAS Engine 7.7 has been released to all Qualys platforms including private cloud platforms.  This release is part of our ongoing effort to continuously improve the WAS sc...
    Dave Ferguson
    last modified by Dave Ferguson