• API Access to Vulnerability History status

    Hi - Revisiting a previous topic with a slightly different question. When i look at a Web Application Report online, select the Vulnerabilities section, I can see a list of vulnerabilities with various ...
    wkolatac
    last modified by wkolatac
  • WAS Scan Optimization

    When performing Web Application Scanning with Qualys WAS, you may experience long scan times or a Time Limit Reached status triggered by QID 150024 - Scan Time Limit Reached. To improve scan times in those situations,...
    Ed Arnold
    last modified by Ed Arnold
  • WAS Engine 7.8 Released

    Greetings!  This is to announce that WAS Engine 7.8 has been released to all Qualys platforms including private cloud platforms.  This release is part of our ongoing effort to continuously improve the WAS sc...
    Dave Ferguson
    last modified by Dave Ferguson
  • Qualys scan on application using Federated login ?

    Hello Experts,                      I need to scan an application which has Federated login and it does not prompt the User for any user id or password parameter...
    ramesh r
    created by ramesh r
  • API Testing with Swagger / OpenAPI

    The Qualys Web Application Scanning module allows users to scan APIs in addition to traditional web applications.  This article will examine testing an API that adheres to the OpenAPI Specification through the us...
    John Delaroderie
    last modified by John Delaroderie
  • Viewing Web Application Response Headers For Validating QIDs

    Introduction Whether you are manually validating QIDs for web application response headers or need to obtain an authorization token for header injection in your WAS scan, there are several ways you can extract them fr...
    John Delaroderie
    last modified by John Delaroderie
  • Web Application Scanning - Controlling Links Crawled with Explicit URLs, Redundant Links, Black Lists, and White Lists

    Qualys WAS offers many options to control what URLs are crawled and tested during a Web Application Scan.  However, customers can potentially misconfigure their web application configuration and end up scanning U...
    John Delaroderie
    last modified by John Delaroderie
  • Web Application Vulnerability scan

    bonjour Je suis Bamba DIOUF Directeur des Opérations à ACCEL Technologies à Dakar / SENEGAL. Je souhaite réaliser pour un client un scan de vulnérabilité sur une application...
    Bamba DIOUF
    last modified by Bamba DIOUF
  • Custom Qualys-Jira Integration Whitepaper

    Custom Qualys-Jira Integration Whitepaper Version 4 | Updated on 12/17/2019 Qualys Modules Covered in Scope: VM, PC, FIM, CS, WAS   Getting StartedDue to the high community demand for custom Jira inte...
    Laura Seletos
    last modified by Robert Dell'Immagine
  • Qualys WAS Connector for Jenkins

    The Qualys Web App Scanning Connector for Jenkins is a native plugin for Jenkins that empowers DevOps teams to automate dynamic application vulnerability scans into their CI/CD processes.  By integrating and auto...
    Dave Ferguson
    last modified by Dave Ferguson
  • Qualys WAS Connector for TeamCity

    We are pleased to announce that the Qualys WAS Connector for TeamCity is now available.  TeamCity by JetBrains is a popular commercial CI/CD tool.  The Qualys WAS Connector for TeamCity is a native plugin fo...
    Dave Ferguson
    last modified by Dave Ferguson
  • Intermittent issues on WAS and SCA

    Has anyone seeing issues with WAS,SCA issues like error state, intermittent issues like reports go blank, looks like the product has many bugs.
    sandy bsasav
    created by sandy bsasav
  • Cloud Apps New UIs Detailed Roadmap

    Hello all, As i see on the QSCs and presentations about modules, there is an effort on migrating old UIs to new Elastic search and new Dashboards (on VM and new modules)   Is there any ETA for WAS, AV, PC, CA, ...
  • Qualys Cloud Platform 3.0.1.0 (WAS) API notification 1

    A new release of Qualys Cloud Platform 3.0.1.0 (WAS) includes an updated API which is targeted for release in May 2020. The specific day will differ depending on the platform. See platform release dates on the Qualys ...
    Jeff Leggett
    last modified by Jeff Leggett
  • WAS - All detections for web application with a tag "PROD"

    All my web applications are tagged with "PROD".   Is there a way to pull all finding (detection's) for web application with given tag?   https://{{base_url}}/qps/rest/3.0/get/was/finding/   <Servi...
    Tom S
    last modified by Tom S
  • WAS Engine 7.7 Released

    Greetings!  This is to announce that WAS Engine 7.7 has been released to all Qualys platforms including private cloud platforms.  This release is part of our ongoing effort to continuously improve the WAS sc...
    Dave Ferguson
    last modified by Dave Ferguson
  • WAS and Security Questions

    We have an application we need to scan but it has security questions required for authentication. Can WAS work with security questions?
    Richard Feldmann
    last modified by Richard Feldmann
  • Emergency Qualys Portal Upgrades? 2.44.0.0?

    Hi Friends: I've noticed a flurry of recent activity in Qualys' change controls. On March 10th, I saw [Scheduled] US Platform 2: Qualys Suite PORTAL 2.44.0.0 Release Notification (CMB-65395). Today, March 16th...
    Ted Gardener
    last modified by Ted Gardener
  • Customizing the "Core" Detection Scope

    Some customers have asked how to customize the Core detection scope in WAS (e.g., remove certain QIDs or add others).  Currently the best way to accomplish this is to use "Custom Search Lists" detection scope as ...
    Dave Ferguson
    last modified by Dave Ferguson
  • Web Shell Detection in WAS

    Recently, the WAS scan engine began testing for the presence of known web shells via QID 150239.  This QID is included in Core detection scope and is rated by Qualys as severity 5 (highest severity).  If a w...
    Dave Ferguson
    last modified by Dave Ferguson