• WAS api issues ....

    Hi - I've been running the following process, via PHP code, for many months without issue.  The last day or so I've been having odd issues/behavior.  Hopefully someone can help....   I make a cou...
    last modified by wkolatac
  • Viewing Web Application Response Headers For Validating QIDs

    Introduction Response Headers QIDs Response Headers and Redirects Methods to View Response Headers Method 1: Chrome Browser Developer Tools Method 2: Firefox Browser Web Developer Method 3: OWASP...
    John Delaroderie
    last modified by John Delaroderie
  • WAS Engine 7.1 Released

    Greetings all!   WAS Engine 7.1 has been released to all Qualys platforms including private cloud platforms.  This release is part of our ongoing effort to continuously improve the WAS scanning engine. ...
    Dave Ferguson
    last modified by Dave Ferguson
  • New Detections Rolling Out for Vulnerable CMSs and CMS Plugins

    In a previous post, we described how Qualys WAS added new informational QIDs to report CMS versions and CMS plugins found on your scanned web applications.  Now, as part of the continuous improvement of the scann...
    Dave Ferguson
    last modified by Dave Ferguson
  • Issues running WAS scan on web application that doesn't support IE

    Hi, I have an open case since last week with not much progress but hoping someone here might have an answer. I have 4 web apps to scan that no longer support IE. Selenium script is failing because it can't find the s...
    Matt MacDonald
    last modified by Matt MacDonald
  • List of urls/pages to scan

    I am having a web application which is having more than 20k links or pages. I would like to scan the 2000 links as they are having more hits. I tried putting the links in the whitelisting of WAS, but when I checked sc...
    last modified by shanmugammanian
  • Qualys WAS Update - Portal 2.40

    Greetings all!   A new version of Qualys WAS is now available.  It is part of Portal 2.40 - aka Qualys Cloud Platform 2.40 release - and it's being deployed to all shared platforms over the next few days.&#...
    Dave Ferguson
    last modified by Dave Ferguson
  • Limiting Subdomain Crawling in WAS

    Let's say I want to crawl the site www.abc.com.  So, www.abc.com/login or www.abc.com/aboutus...etc, etc .   BUT I also want to crawl subdomains:  something.abc.com, video.abc.com, more.abc.co...
    last modified by usdep3sm
  • QID 150022 - Verbose Error Message

    Hello Guys,    We are having some trouble with a QID(“Verbose Error”). For troubleshooting we have taken down this pages that were presenting errors, but, the QID continues showing us status: &l...
    Lucas C. Nunes
    last modified by Lucas C. Nunes
  • Can WAS scan corrupt an application database?

    We conducted an authenticated scan using an admin account. If an admin account with full permission was used, will using this account modify the database of an application?
    Pam Pine
    last modified by Pam Pine
  • Feature request: WAS plug-in for Azure DevOps

    We would like to integrate WAS into CI/CD process of Azure DevOps. However, it seems WAS plug-in currently exists only for Jenkins. Can you create a WAS plug-in to integrate into Azure DevOps CICD process?
    Srinivasa Yennam
    last modified by Srinivasa Yennam
  • Limited-scope user has access to modules outside of Role-defined limits

    We setup our WAS security personnel with permissions limiting them to WAS and Reporting from within Role Management over a year ago. However, during a recent audit, we found that these users actually have access ...
    Robert Sloan
    last modified by Robert Sloan
  • There is already a site with this URL in your subscription

    I created a WAF back in May and have been successfully working with it until today, I went to save a change and got "There is already a site with this URL in your subscription" . I believe another coworker was trying ...
    Eric Carnes
    last modified by Eric Carnes
  • WAS Engine 7.0 Released

    Greetings all!   I'm pleased to announce that WAS Engine 7.0 has been released to all Qualys shared platforms.  This new version adds support for TLS 1.3.  A huge amount of testing went into this relea...
    Dave Ferguson
    last modified by Dave Ferguson
  • Issue with WAS API call - search/was/findings

    For the past few days all my calls to the get/was/finding/### API has been failing with the following error: OTHER_ERROR Details: An error occurred during request processing. Please contact your account manager. ...
    last modified by wkolatac
  • Qualys Browser Recorder v1.1.6 Now Available

    Greetings all -   I'm pleased to announce that Qualys Browser Recorder (QBR) version 1.1.6_6 has been released.  First released by Qualys in 2018, QBR is an extension for the Chrome web browser that allows ...
    Dave Ferguson
    last modified by Dave Ferguson
  • Qualys WAS update - Portal 2.39

    Greetings!   A new version of Qualys WAS is now available.  Portal 2.39 - aka Qualys Cloud Platform 2.39 release - is being deployed to all shared platforms this week and includes UI and API changes for WAS...
    Dave Ferguson
    last modified by Dave Ferguson
  • IP address range(s) to FW whitelisting so that the Qualys scanner won’t be blocked?

    Asking for a client: What are the IP address range(s) to whitelist for our Web Application Firewall so that the Qualys scanner won’t be blocked when attempting scans?
    Joe Woodwell
    last modified by Joe Woodwell
  • Issue with search/was/finding since recent upgrade

    Since the recent upgrade (end of March), some of my search/was/findings calls are failing. For example: <ServiceRequest>    <preferences>       <verbose>...
    last modified by wkolatac
  • Zombie POODLE and GOLDENDOODLE Vulnerabilities - Oracle HTTP Server 12c

    Hello Qualys Community,   We ran SSL Server test on SSL Labs site and the overall rating shows as 'F' now with the below messages for Ciphers and Protocol section.If we removed the CBC weak one's from CipherSuit...
    Soma Yedubati
    last modified by Soma Yedubati