• Dashboards and Reporting Resources - Start Here

    Welcome to Dashboards and Reporting   Welcome to our Dashboards and Reporting space.  Here we will begin to collaboratively and constructively collect relevant legacy ...
    last modified by DMFezzaReed
  • Handling SSO in Qualys WAS

    A common authentication mechanism used by web applications is single sign-on (SSO).  This introduces complexity and can cause some confusion when it comes to authenticating and scanning with Qualys WAS.  ...
    Dave Ferguson
    last modified by Dave Ferguson
  • Qualys Cloud Platform v2.42 (WAS/AM/SAQ) API notification 1

    A new release of Qualys Cloud Platform v2.42 (WAS/AM/SAQ) includes an updated API which is targeted for release in November 2019. The specific day will differ depending on the platform. See platform release dates on t...
    Jeff Leggett
    last modified by Jeff Leggett
  • Jenkins Plugin for Qualys WAS

    The Jenkins plugin for Qualys WAS empowers DevOps teams to build application vulnerability scans into their CI/CD processes. By integrating and automating scans in this manner, application security testing is accompli...
    Dave Ferguson
    last modified by Dave Ferguson
  • Problem canceling authentication test

    I canceled the authentication test, deleted the web application, deleted all settings I made in Qualys, deleted the VM, "reseted" the entire account. The authentication test is in the state of "canceling" and not chan...
    Flavio Rossi
    last modified by Flavio Rossi
  • Issues in including Selenium script for WAS

    Help me to sort out the below problem....      When we are performing a was scan using selenium script which is created using qualys recorder when we run a test case manually it is working then when ...
    last modified by manikanth
  • Public methods available in Groovy Script for invocation on different objects

    av_tagging groovy
    last modified by DMFezzaReed
  • New Detections Rolling Out for Vulnerable CMSs and CMS Plugins

    In a previous post, we described how Qualys WAS added new informational QIDs to report CMS versions and CMS plugins found on your scanned web applications.  Now, as part of the continuous improvement of the scann...
    Dave Ferguson
    last modified by Dave Ferguson
  • QID 150009

    Hello !  can someone explaine to me the two numbers beside the word ''Finding'' when you click on QID 150009 ?  one number is in blue color and the seconde one is in grey. 
    Moderan Amoussou
    last modified by Moderan Amoussou
  • SSL Checks in WAS

    How can we include SSL/TLS validation and SSL certificate mismatch checks as part of the web application scanning?
    Venkata Tirthala
    last modified by Venkata Tirthala
  • Redundant Links

    Hello,  I want to know the meaning of Redundant Links when scanning web applications and a use case. Thank you.
    Moderan Amoussou
    last modified by Moderan Amoussou
  • Update to Qualys WAS Burp extension

    In case you missed it, a new version of the Qualys WAS Burp extension has been released.  You can now import a WAS finding into Burp Repeater to validate the finding.   Details are here - https://blog.qualy...
    Dave Ferguson
    last modified by Dave Ferguson
  • Redirection on a browser tab

    Hello, I have a scan to make on a web application. On one of the links of the first application there is a redirection on a tab. I can not get qualys to scan the second application. Is this a problem due to the open...
    last modified by Cyril GABILLAUD
  • WAS Dynamic Tag based on sev 4 or 5 vulns over last 6 months

    Looking in asset search to try and create a query that would allow such a tag i can't see a way to only show assets with  WAS and severity 5 vulnerabilities. The following  ...
    Robo Scan
    created by Robo Scan
  • Progressive Scanning: How to know when the entire application has been scanned

    When using the progressive scanning feature in Qualys WAS, you may not be able to tell from the scan list if your web application has been completely scanned or not. You will see the progressive scan count increase ev...
    Ian Johnson
    last modified by Robert Dell'Immagine
  • Customizing the "Core" Detection Scope

    Some customers have asked how to customize the default "Core" detection scope in WAS (e.g., remove certain QIDs or add others).  This would be accomplished using the "Custom Search Lists" scope as follows.  ...
    Dave Ferguson
    last modified by Dave Ferguson
  • WAS Engine 7.2 Released

    Greetings!   WAS Engine 7.2 has been released to all Qualys platforms including private cloud platforms.  This release is part of our ongoing effort to continuously improve the WAS scanning engine.  Th...
    Dave Ferguson
    last modified by Dave Ferguson
  • Test shows TLS 1.1 enabled when it is not

    Here is what is set in my httpd.conf SSLProtocolDisable SSLv2 SSLv3 TLSv10 TLSv11 SSLProtocolEnable TLSv12 SSLCipherSpec ALL NONE SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 SSLCipherSpec TLSv12 TLS_E...
    Eddie Clement
    last modified by Eddie Clement
  • Configuration for local environment scans

    Good morning friends, How do I perform a scan on a web application that is on the internal network? Is there any configuration in Qualys so that I can scan hosts from a LAN as I mentioned?
    Felipe Paranhos da Silva
    last modified by Felipe Paranhos da Silva
  • Error While Accessing Report via API

    Getting this below Error While accessing this api- https://servername/qps/rest/3.0/get/was/report/1302�    <?xml version="1.0" encoding="UTF-8"?> <ServiceResponse xmlns:xsi="http://www.w3.org/...
    atul kumar
    last modified by atul kumar