• Issue with WAS API call - search/was/findings

    For the past few days all my calls to the get/was/finding/### API have been failing with the following error: OTHER_ERROR Details: An error occurred during request processing. Please contact your account manager. ...
    last modified by wkolatac
  • IP address range(s) to FW whitelisting so that the Qualys scanner won’t be blocked?

    Asking for a client: What are the IP address range(s) to whitelist for our Web Application Firewall so that the Qualys scanner won’t be blocked when attempting scans?
    Joe Woodwell
    last modified by Joe Woodwell
  • Issue with search/was/finding since recent upgrade

    Since the recent upgrade (end of March), some of my search/was/findings calls are failing. For example: <ServiceRequest>    <preferences>       <verbose>...
    last modified by wkolatac
  • Zombie POODLE and GOLDENDOODLE Vulnerabilities - Oracle HTTP Server 12c

    Hello Qualys Community, We ran SSL Server test on SSL Labs site and the overall rating shows as 'F' now with the below messages for Ciphers and Protocol section. If we removed the CBC weak ones from CipherSuit...
    Soma Yedubati
    last modified by Soma Yedubati
  • Blind Elephant Static-File Web Application Fingerprinter

    Hello,   What is the status of this project? Is there a public git repo somewhere (eg. GitHub) ?
    André Ricardo
    last modified by André Ricardo
  • XSS Vulnerability (False positive?)

    Qualys detects an XSS vulnerability in a page where the users have option to search company information based on input from user in text box (i.e. company code). There are no options to save the text box content in the D...
    Md. Imran Hosan
    last modified by Md. Imran Hosan
  • Why is Qualys attempting brute-force payloads when "minimal" brute-force list is set in Option Profile?

    I have the system list set to "Minimal" in my profile, which is described as trying "Empty passwords + UID" as the only brute-force attempt the scan will try. However, I recently ran across a scan that cam...
    Jamie Crow
    last modified by Jamie Crow
  • API call pricing

    Hi,   I have been using Qualys for around 4 years and recently started the WAS module and it is quite impressive. I would like to include this capability into my homegrown application for scan scheduling and re...
    Manish Rana
    last modified by Manish Rana
  • QID 150000 and 150001 Detection Logic Changes

    Hello All, Have there been any changes to the detection logic used for QID 150000 - Persistent Cross-Site Scripting (XSS) Vulnerabilities and QID 150001 - Reflected Cross-Site Scripting (XSS) Vulnerabilities?...
    Jayson Coulter
    last modified by Jayson Coulter
  • Authentication failure

    Before I start, I wanted to clarify that I have contacted support already, without much response. And that is pretty annoying since we have been trying to resolve this issue for the last two weeks. We are getting a...
    Maximiliano Lagos
    last modified by Maximiliano Lagos
  • WAS - default to chrome browser

    Hello, Can someone please let me know which browser the Qualys WAS scan uses when it runs the scan? Is there a way to default to Chrome or other browsers? Hasan
    Hasan Mirza
    last modified by Hasan Mirza
  • WAS Progressive scan (discovery vs vulnerability)

    Hi All, I have noticed that for the WAS discovery scan there is no option that allows progressive scan even if in the configuration settings for the Web application "progressive scan" is enabled. It seems th...
    last modified by hazaher
  • Add Authorization header with dynamic value

    I'm trying to scan a REST API which requires an Authorization header with a token which is generated in one endpoint (/login). This token expires, that's why I can't use the inject header option.   I did a Selen...
    giladopo Garcia
    last modified by giladopo Garcia
  • Postman and Qualys WAS

    Can Postman be used to create a file for Qualys WAS for API Scanning? If so, can someone provide directions please? Regards
    Hasan Mirza
    last modified by Hasan Mirza
  • WAS Scan for SharePoint 2013 using NTLM

    I have a SharePoint site exposed externally that is authenticating using NTLM. I've tried basic authentication, NTLM but nothing seems to work. Checked the documentation and I can't figure out which settings are neede...
    Waldemar Pabon
    last modified by Waldemar Pabon
  • Authentication verification

    We are running WAS scans on more than 2000 URLs per year and are using the Qualys browser for Authentication. Often we experience the browser script running fine, but the Auth test failing. Reason is probably the ver...
    Robert van Manen
    last modified by Robert van Manen
  • How many vulnerabilities does Qualys WAS support?

    I need to know how many vulnerabilities Qualys WAS supports. I don't have the solution at work.
    Thomas S
    last modified by Thomas S
  • SOAP APIs not crawled even when WSDL is specified as explicit URL

    Hello,   I am trying to scan an ASP.NET web service (.asmx). Here are the steps I followed and the observations -   After configuring the application, ran a discovery scan and did not see the WSDL being re...
    Aarthi Sriraman
    last modified by Aarthi Sriraman
  • Progressive scan

    Hello, I have a question about the Progressive scan explained here: Progressive Scanning Explained    I launched a non-continuous scan (triggered by the command "scan" and with the option "progressive scan...
    Pasquale C
    last modified by Pasquale C
  • WAS Bruteforce Settings and Auth Records

    Afternoon All, First-time poster, long time lurker. I could use some insight into WAS Bruteforce Settings, the differences between the option levels, and if the Bruteforce attempt utilizes the 'Standard Login' authe...
    Jayson Coulter
    last modified by Jayson Coulter