• Rest API scan with SWAGGER URL

    Hello, we are starting to use Qualys to scan rest APIs. We have tried to perform scan with Postaman collection with uploading a variables which is clear more or less. Now we want to try a option with Swagger. So we n...
    Pavel Galatik
    created by Pavel Galatik
  • Problem canceling authentication test

    I canceled the authentication test, deleted the web application, deleted all settings I made in Qualys, deleted the VM, "reseted" the entire account. The authentication test is in the state of "canceling" and not chan...
    Flavio Rossi
    last modified by Flavio Rossi
  • SSL Checks in WAS

    How can we include SSL/TLS validation and SSL certificate mismatch checks as part of the web application scanning?
    Venkata Tirthala
    last modified by Venkata Tirthala
  • Authentication record for application in different language

    We have an application which is in French. The login screen has the fields in French i.e, "S'identifier" (for Username) and "Mot de passe" (for password). While creating the authentication record, if i select as e.g:...
    Suraj M
    last modified by Suraj M
  • Redundant Links

    Hello,  I want to know the meaning of Redundant Links when scanning web applications and a use case. Thank you.
    Moderan Amoussou
    last modified by Moderan Amoussou
  • HTTP vs HTTPS for a site

    If i configure a site as specifically HTTPS does the scanner check to see if the site also listens on HTTP ?     The same the other way around ?    I'd almost expect the site to scan on HTTP...
    Robo Scan
    last modified by Robo Scan
  • Redirection on a browser tab

    Hello, I have a scan to make on a web application. On one of the links of the first application there is a redirection on a tab. I can not get qualys to scan the second application. Is this a problem due to the open...
    last modified by Cyril GABILLAUD
  • Configuration for local environment scans

    Good morning friends, How do I perform a scan on a web application that is on the internal network? Is there any configuration in Qualys so that I can scan hosts from a LAN as I mentioned?
    Felipe Paranhos da Silva
    last modified by Felipe Paranhos da Silva
  • Generate report web application scanning

    Hi,  I want to extract report from result of scan web application, I want to extract only severity 3,4 and 5. The first thing I notice, is verry differnt with generating report in vulnerability management. I t...
    last modified by AMADOU DIALLO
  • WAS - How does authentication test works ?

    I'm not sure why the authentication tests fail with my webapp.   The report says the form is found at the DNS link, but the authentication form is actually where the index.php redirects. Anyway, the report fin...
    Emmanuel PAULIN
    last modified by Emmanuel PAULIN
  • SSL website scan via VM or WAS?

    Hi Everyone,    I am new to Qualys and getting through first hurdles - clean slate, slowly building up my asset collection.    I am trying to scan several domains and report supported SSL/TL...
    Tom S
    last modified by Tom S
  • Limited-scope user has access to modules outside of Role-defined limits

    We setup our WAS security personnel with permissions limiting them to WAS and Reporting from within Role Management over a year ago. However, during a recent audit, we found that these users actually have access ...
    Robert Sloan
    last modified by Robert Sloan
  • Feature request: WAS plug-in for Azure DevOps

    We would like to integrate WAS into CI/CD process of Azure DevOps. However, it seems WAS plug-in currently exists only for Jenkins. Can you create a WAS plug-in to integrate into Azure DevOps CICD process?
    Srinivasa Yennam
    last modified by Srinivasa Yennam
  • Speed up scanning by disabling path manipulation and ws enumeration

    Hi,   for one of our customers we're performing weekly scans at night. It is important to the customer the scan only takes place from 00:00 to 08:00, so it doesn't interfere with their daily routine. Over the la...
    last modified by Anthirian
  • I am receiving QID-8678, Web Server Uses Plain-Text Form Based Authentication.

    My app is running on iis8. I am using form authentication where my login page
    Kelvin Bryant
    last modified by Kelvin Bryant
  • ( _fbp ) facebook and ( _gcl_au ) Google AdSense/Analytics cookies

    Most websites have google analytics and/or facebook scripts in their website. These scripts creates cookies that we don’t own and cannot update. In the vulnerability report, these  cookies caused level 2 ...
    Lito Lomahan
    last modified by Lito Lomahan
  • adding option profile to webapplication

    HI While creating a webapplication from API call how can i add the option profile that is part of Scan settings.How do i get the ID of option profile?   Thanks, Harika
    harika samineni
    last modified by harika samineni
  • How to disable default QID's?

    Is there any way to disable default QIDs when running a SCAN? In my case, it is common to run search list-based SCANs, as an example I have a SCAN that takes hours, because standard QIDs take longer than the vulnerabi...
    Gabriel Goularte
    last modified by Gabriel Goularte
  • WAS + VM Scan

    Hi guys,      What's your strategy behind setup a WAS and VM scan against a web host? Eg.: (www.domain.com)   Background: I can set up a WAS scan using the hostname but VM seems not to have ...
    last modified by mrmime988
  • Adding Crawl scope

    HI While creating a webapplication from API call how can i add the Crawl Scope that is part of application details.
    harika samineni
    last modified by harika samineni