• adding option profile to webapplication

    HI While creating a webapplication from API call how can i add the option profile that is part of Scan settings.How do i get the ID of option profile?   Thanks, Harika
    harika samineni
    last modified by harika samineni
  • How to disable default QID's?

    Is there any way to disable default QIDs when running a SCAN? In my case, it is common to run search list-based SCANs, as an example I have a SCAN that takes hours, because standard QIDs take longer than the vulnerabi...
    Gabriel Goularte
    last modified by Gabriel Goularte
  • WAS + VM Scan

    Hi guys,      What's your strategy behind setup a WAS and VM scan against a web host? Eg.: (www.domain.com)   Background: I can set up a WAS scan using the hostname but VM seems not to have ...
    mrmime988
    last modified by mrmime988
  • Adding Crawl scope

    HI While creating a webapplication from API call how can i add the Crawl Scope that is part of application details.
    harika samineni
    last modified by harika samineni
  • Can WAS scan corrupt an application database?

    We conducted an authenticated scan using an admin account. If an admin account with full permission was used, will using this account modify the database of an application?
    Pam Pine
    last modified by Pam Pine
  • WAS api issues ....

    Hi - I've been running the following process, via PHP code, for many months without issue.  The last day or so I've been having odd issues/behavior.  Hopefully someone can help....   I make a cou...
    wkolatac
    last modified by wkolatac
  • List of urls/pages to scan

    I am having a web application which is having more than 20k links or pages. I would like to scan the 2000 links as they are having more hits. I tried putting the links in the whitelisting of WAS, but when I checked sc...
    shanmugammanian
    last modified by shanmugammanian
  • Limiting Subdomain Crawling in WAS

    Let's say I want to crawl the site www.abc.com.  So, www.abc.com/login or www.abc.com/aboutus...etc, etc .   BUT I also want to crawl subdomains:  something.abc.com, video.abc.com, more.abc.co...
    usdep3sm
    last modified by usdep3sm
  • QID 150022 - Verbose Error Message

    Hello Guys,    We are having some trouble with a QID(“Verbose Error”). For troubleshooting we have taken down this pages that were presenting errors, but, the QID continues showing us status: &l...
    Lucas C. Nunes
    last modified by Lucas C. Nunes
  • There is already a site with this URL in your subscription

    I created a WAF back in May and have been successfully working with it until today, I went to save a change and got "There is already a site with this URL in your subscription" . I believe another coworker was trying ...
    Eric Carnes
    last modified by Eric Carnes
  • Issue with WAS API call - search/was/findings

    For the past few days all my calls to the get/was/finding/### API has been failing with the following error: OTHER_ERROR Details: An error occurred during request processing. Please contact your account manager. ...
    wkolatac
    last modified by wkolatac
  • IP address range(s) to FW whitelisting so that the Qualys scanner won’t be blocked?

    Asking for a client: What are the IP address range(s) to whitelist for our Web Application Firewall so that the Qualys scanner won’t be blocked when attempting scans?
    Joe Woodwell
    last modified by Joe Woodwell
  • Issue with search/was/finding since recent upgrade

    Since the recent upgrade (end of March), some of my search/was/findings calls are failing. For example: <ServiceRequest>    <preferences>       <verbose>...
    wkolatac
    last modified by wkolatac
  • Zombie POODLE and GOLDENDOODLE Vulnerabilities - Oracle HTTP Server 12c

    Hello Qualys Community,   We ran SSL Server test on SSL Labs site and the overall rating shows as 'F' now with the below messages for Ciphers and Protocol section.If we removed the CBC weak one's from CipherSuit...
    Soma Yedubati
    last modified by Soma Yedubati
  • Blind Elephant Static-File Web Application Fingerprinter

    Hello,   What is the status of this project? Is there a public git repo somewhere (eg. GitHub) ?
    André Ricardo
    last modified by André Ricardo
  • XSS Vulnerability (False positive?)

    Qualys detects a XSS vulnerability in a page where the users have option to search company information besed on input from user in text box (i.e company code). There is no options to save the text box content in the D...
    Md. Imran Hosan
    last modified by Md. Imran Hosan
  • Why is Qualys attempting brute-force payloads when "minimal" brute-force list is set in Option Profile?

    I have the system list set to "Minimal" in my profile, which is described as trying "Empty passwords + UID" as the only brute-force attempt the scan will try.  However, I recently ran accross a scan that cam...
    Jamie Crow
    last modified by Jamie Crow
  • API call pricing

    Hi,   I have been using Qualys for around 4 years and recently started the WAS module and it is quite impressive. I would like to include this capability into my homegrown application for scan scheduling and re...
    Manish Rana
    last modified by Manish Rana
  • QID 150000 and 150001 Detection Logic Changes

    Hello All, Has there been any changes to the detection logic used for QID 150000 - Persistent Cross-Site Scripting (XSS) Vulnerabilities and QID 150001 - Reflected Cross-Site Scripting (XSS) Vulnerabilities?...
    Jayson Coulter
    last modified by Jayson Coulter
  • Authentication failure

    Before start, I wanted to clarify that I have contacted support already, without much responses. And that is pretty annoying since we have been trying to resolve this issue for last two weeks.   We are getting a...
    Maximiliano Lagos
    last modified by Maximiliano Lagos