• Do community users no longer have access to WAS API?

    I'm trying run a WAS scan via curl:   curl -u "user:passd" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qg3.apps.qualys.com/qps/rest/3.0/launch/was/wasscan" < launch.xml   B...
    Lourdes Dorado
    last modified by Lourdes Dorado
  • Qualys WAS Plugin for TeamCity

    We are pleased to announce that a Qualys WAS plugin for TeamCity is now available.  TeamCity by JetBrains is a popular commercial CI/CD tool.  Just like our WAS plugin for Jenkins, the plugin for TeamCity al...
    Dave Ferguson
    last modified by Dave Ferguson
  • Qualys WAS Plugin for Jenkins

    The Qualys WAS plugin for Jenkins empowers DevOps teams to build application vulnerability scans into their CI/CD processes. By integrating and automating scans in this manner, application security testing is accompli...
    Dave Ferguson
    last modified by Dave Ferguson
  • WAS multiple targets - scan until completion

    I am looking for suggestion or workflow idea as I seem to be struggling to run multiple site scan.   I schedule scan of 3 Web applications (progressive, 10 daily occurrences, scan window 22-8). I want to make su...
    Tom S
    last modified by Tom S
  • Detect default credentials on web management for network/system devices

    I would like to check if any web interfaces for network/system devices (servers, routers, switches, printers) are using default vendor passwords ?   In VM module, we can run brute-force, but that doesn't check w...
    ukki ikku
    created by ukki ikku
  • WAS - Links Crawled

    Please explain in detail what does links crawled mean (QID 150009)? does it mean the scanner also scans those links when a scan is launched against as website?
    Ricardo Nash
    last modified by Ricardo Nash
  • How to ignore multiple WAS Findings?

    Its a pain to ignore the specific findings in WAS, one by one,within the same vulnerability. Is there away to ignore the whole vulnerability or at least select multiple specific findings?
    Dario Rivera Jr
    last modified by Dario Rivera Jr
  • Need Help understanding Qualys scan output

    Just starting out with Qualys and attempting to understand scan results.  Is there Qualys repository that I can reference to understand scan results/findings i.e (HTTP protocol compliance failed:Null in request)?...
    Tomara Watkins
    last modified by Tomara Watkins
  • support the scanning of rest API with swagger file

    I am glad that Qualys support s the scanning of  rest API through simplified swagger file. However, the instructions looks simple from the announcement, "Simply configure the URL of the web application in WAS to ...
    Eric Huang
    last modified by Eric Huang
  • Run scan on 2 different URL's for same web application at the same Time

    How can i run scan on two different URL's for one web application at the same time? For example, need to configure scan for below 2 URL's under same web application name "Google".  First URL     ...
    Alpha male
    last modified by Alpha male
  • WAS Engine 7.5 Released

    Greetings!  This is to let you know that WAS Engine 7.5 has been released to all Qualys platforms including private cloud platforms.  This release is part of our ongoing effort to continuously improve the WA...
    Dave Ferguson
    last modified by Dave Ferguson
  • WAS : What does scan status "Service Errors Detected" mean?

    WAS : What does scan status "Service Errors Detected" mean? What could be the possible cause for this .
    Vishwesh Kumar
    last modified by Vishwesh Kumar
  • Using API to identify web vulnerability scans with 'High' severity

    I'm hoping to get some design advice ... I have four multi-site configurations, each with hundreds of web application configurations. The multi-site configurations run separately, one each weekend (we scan each webs...
    wkolatac
    last modified by wkolatac
  • Qualys WAS Update - Portal 2.43

    Greetings! A new version of Qualys WAS has been released.  It is part of Portal 2.43 - aka Qualys Cloud Platform 2.43 - and is being deployed to all Qualys shared platforms over the next few days.  This re...
    Dave Ferguson
    last modified by Dave Ferguson
  • Autenticación de aplicación con certificado FNMT

    Buenas tardes. ¿Es posible crear un registro de autenticación de aplicación web utilizando un certificado de la FNMT? Es decir, crear un registro de autenticación para una aplicació...
  • Feature request: WAS plug-in for Azure DevOps

    We would like to integrate WAS into CI/CD process of Azure DevOps. However, it seems WAS plug-in currently exists only for Jenkins. Can you create a WAS plug-in to integrate into Azure DevOps CICD process?
    Srinivasa Yennam
    last modified by Srinivasa Yennam
  • INVALID XML FORMAT: Content is not allowed in prolog

    I'm trying to call the api create/was/webapp with the following payload -   <ServiceRequest> <data> <WebApp> <name>Application</name> <url>https://X.X.X.X</url> <uris...
    Ritik Saxena
    last modified by Ritik Saxena
  • Selenium script fails

    I have created a selenium script while performing the authentication test, script fails with msg in orange "Finished" , in scan diagnostic fails for the open URL step "step timed out after 480000" although i have set ...
    Alpha male
    last modified by Alpha male
  • 150085 Slow HTTP POST vulnerability

    I scan my site with 'Qualys', sometimes it reported the 'Slow HTTP POST vulnerability', sometimes not. My enviroment is windows server 2016 iis 10. Bellow is my configuration:   Config Path: C:\Windows\...
    summer wang
    last modified by summer wang
  • Does Qualys WAS support of CGI program access permission check (such as: GET, PUT, DELETE)?

    WAS supports Post & Get in advance, and does not support "Put, Delete" vulnerability detection on the website's vulnerability detection
    Jacky Chen
    created by Jacky Chen