• Feature request: WAS plug-in for Azure DevOps

    We would like to integrate WAS into CI/CD process of Azure DevOps. However, it seems WAS plug-in currently exists only for Jenkins. Can you create a WAS plug-in to integrate into Azure DevOps CICD process?
    Srinivasa Yennam
    last modified by Srinivasa Yennam
  • INVALID XML FORMAT: Content is not allowed in prolog

    I'm trying to call the api create/was/webapp with the following payload -   <ServiceRequest> <data> <WebApp> <name>Application</name> <url>https://X.X.X.X</url> <uris...
    Ritik Saxena
    last modified by Ritik Saxena
  • Selenium script fails

    I have created a selenium script while performing the authentication test, script fails with msg in orange "Finished" , in scan diagnostic fails for the open URL step "step timed out after 480000" although i have set ...
    Alpha male
    last modified by Alpha male
  • 150085 Slow HTTP POST vulnerability

    I scan my site with 'Qualys', sometimes it reported the 'Slow HTTP POST vulnerability', sometimes not. My enviroment is windows server 2016 iis 10. Bellow is my configuration:   Config Path: C:\Windows\...
    summer wang
    last modified by summer wang
  • Does Qualys WAS support of CGI program access permission check (such as: GET, PUT, DELETE)?

    WAS supports Post & Get in advance, and does not support "Put, Delete" vulnerability detection on the website's vulnerability detection
    Jacky Chen
    created by Jacky Chen
  • 3rd party outdated library detections

    Hi All,   I'm trying to find out if there is a way we can find out outdated or vulnerable 3rd party library vulns??   Any inputs are much appreciated.   Thanks, Akash.
    Akash Singh
    last modified by Akash Singh
  • SameSite Cookie Info

    We were looking to see if Qualys WAS could be used to detect what the SameSite cookie attritube is set to for a given web application. There are some checks in place today around whether cookies contain the secur...
    Donal Scollan
    last modified by Donal Scollan
  • Configuring a Web Application w/ Explicit URLs to Crawl

    I am working on configuring a web application for scanning which requires the use of "Explicit URLs to Crawl" and I'm running to some issues. I'm hoping the community can help point me in the right direction. Please c...
    sufttwf0dfrvcmjpbgo=
    last modified by sufttwf0dfrvcmjpbgo=
  • How to better manage Qualys WAS for 30 sites that are scanned monthly

    I was giving the responsibility of a Qualys WAS. There are around 30 sites I need to monthly scan, and check alerts. I need to automate all this process so I'm thinking on this Create a script or application that coul...
    D TG
    last modified by D TG
  • How to configure a scan for the application with the "connection not secure page"?

    How to configure a scan for the application with the "connection not secure page"?   I tried to perform the authentication scan using custom method it was successful but only crawled one link and full web app sc...
    Alpha male
    created by Alpha male
  • Enable Symantec VIP MFA for existing users

    Hi All,   I searched the website but couldn't find a guidance over this. Basically I would like to enforce VIP MFA to my users in Qualys. We only have admin access to WAS, we can manage our own user environment....
    Burhan Cimen
    last modified by Burhan Cimen
  • qualys scan showing different vulnerability on each different run

    qualys WAS scan showing different vulnerability on each different run
    Karteek Gande
    last modified by Karteek Gande
  • We have few calculation implemented in Python and how do i scan that.

    From salesforce, we send data to python(Heroku) and perform some calculations and send the response back to salesforce.    How do I scan python related stuff? 
    Karteek Gande
    last modified by Karteek Gande
  • I have scanned a website, however the result is NULL.

    Any tip on why it is happening? there is no firewall preventing the scanning....and I can see the website's links are being crawled, but after the scan finish, there is no severity. any tip on that?
    Paiva Luiz
    last modified by Paiva Luiz
  • we have our automation suite triggering some of these POST requests, so is it possible to instrument Qualys during the automation suite run

    when we ran the Qualys scan for our application, we observed that some URLs are not scanned/triggered, do we know how we can make sure all the HTTP requests are scanned, is it possible to instrument Qualys with our au...
    Karteek Gande
    last modified by Karteek Gande
  • Is it possible to scan a site using two different user-agents ? 

    This would allow us to scan a single URL to access both mobile and non-mobile content.   Thanks
    Robo Scan
    last modified by Robo Scan
  • Unauthenticated scan finds assets/urls that I can't browse to...

    I'm sure this question will show my ignorance--but I am running an unauthenticated scan on an application and am seeing findings on URLs that I can't even browse to.  When I try to browse to them, I get redirecte...
    Jamie Crow
    last modified by Jamie Crow
  • WAS Authenticated Scan Issue

    Recently, we had an issue while performing Authenticated Web Application Scanning. The scanner created random users about 60 users (username which is similar to sql injection command) and also it posted the pending tr...
    Anyl Mjn
    last modified by Anyl Mjn
  • Authentication scan

    I'm new in Qualys, I don't know how to scan authentication scan,  I have tried basic and selenium script, but it's  failing.    Here is the script content :   <?xml version="1.0" encoding...
    Rajesh Sharma
    last modified by Rajesh Sharma
  • Rest API scan with SWAGGER URL

    Hello, we are starting to use Qualys to scan rest APIs. We have tried to perform scan with Postaman collection with uploading a variables which is clear more or less. Now we want to try a option with Swagger. So we n...
    Pavel Galatik
    last modified by Pavel Galatik