• Speed up scanning by disabling path manipulation and ws enumeration

    Hi,   for one of our customers we're performing weekly scans at night. It is important to the customer the scan only takes place from 00:00 to 08:00, so it doesn't interfere with their daily routine. Over the la...
    last modified by Anthirian
  • I am receiving QID-8678, Web Server Uses Plain-Text Form Based Authentication.

    My app is running on iis8. I am using form authentication where my login page
    Kelvin Bryant
    last modified by Kelvin Bryant
  • WAS Security Testing of Web Services

    Hello,   Qualys WAS supports basic security testing of SOAP based web services that have a Web Service Description Language (WSDL) file within the scope of the scan.  If WAS identifies a WSDL file that des...
    last modified by fmc
  • ( _fbp ) facebook and ( _gcl_au ) Google AdSense/Analytics cookies

    Most websites have google analytics and/or facebook scripts in their website. These scripts creates cookies that we don’t own and cannot update. In the vulnerability report, these  cookies caused level 2 ...
    Lito Lomahan
    last modified by Lito Lomahan
  • adding option profile to webapplication

    HI While creating a webapplication from API call how can i add the option profile that is part of Scan settings.How do i get the ID of option profile?   Thanks, Harika
    harika samineni
    last modified by harika samineni
  • How to disable default QID's?

    Is there any way to disable default QIDs when running a SCAN? In my case, it is common to run search list-based SCANs, as an example I have a SCAN that takes hours, because standard QIDs take longer than the vulnerabi...
    Gabriel Goularte
    last modified by Gabriel Goularte
  • Progressive Scanning Explained

    Progressive scanning is a feature within Qualys Web Application Scanning (WAS) that is now available to all customers. The intent and goal of progressive scanning is to add a mechanism to effectively scan very large w...
    Dave Ferguson
    last modified by Dave Ferguson
  • WAS + VM Scan

    Hi guys,      What's your strategy behind setup a WAS and VM scan against a web host? Eg.: (www.domain.com)   Background: I can set up a WAS scan using the hostname but VM seems not to have ...
    last modified by mrmime988
  • 150022 Verbose Error Message, Can't reproduce

    I'm receiving 150022 Verbose Error Message vulnerabilities in my WAS scan reports that I'm not able to reproduce.  All 11 of these vulnerabilities are showing a 500 error response "Server Error".   ...
    Bradley Buntin
    last modified by Bradley Buntin
  • Adding Crawl scope

    HI While creating a webapplication from API call how can i add the Crawl Scope that is part of application details.
    harika samineni
    last modified by harika samineni
  • Can WAS scan corrupt an application database?

    We conducted an authenticated scan using an admin account. If an admin account with full permission was used, will using this account modify the database of an application?
    Pam Pine
    last modified by Pam Pine
  • WAS api issues ....

    Hi - I've been running the following process, via PHP code, for many months without issue.  The last day or so I've been having odd issues/behavior.  Hopefully someone can help....   I make a cou...
    last modified by wkolatac
  • Viewing Web Application Response Headers For Validating QIDs

    Introduction Response Headers QIDs Response Headers and Redirects Methods to View Response Headers Method 1: Chrome Browser Developer Tools Method 2: Firefox Browser Web Developer Method 3: OWASP...
    John Delaroderie
    last modified by John Delaroderie
  • WAS Engine 7.1 Released

    Greetings all!   WAS Engine 7.1 has been released to all Qualys platforms including private cloud platforms.  This release is part of our ongoing effort to continuously improve the WAS scanning engine. ...
    Dave Ferguson
    last modified by Dave Ferguson
  • Qualys WAS selenium script authentication failure-API

    Hi There, I'm trying to run a Qualys WAS scan using selenium script for authentication record. When I try to launch the scan using API, the scan works but the authentication status is failure. However, if I use the s...
    Ritik Saxena
    last modified by Ritik Saxena
  • Issues running WAS scan on web application that doesn't support IE

    Hi, I have an open case since last week with not much progress but hoping someone here might have an answer. I have 4 web apps to scan that no longer support IE. Selenium script is failing because it can't find the s...
    Matt MacDonald
    last modified by Matt MacDonald
  • Qualys WAS Update - Portal 2.40

    Greetings all!   A new version of Qualys WAS is now available.  It is part of Portal 2.40 - aka Qualys Cloud Platform 2.40 release - and it's being deployed to all shared platforms over the next few days.&#...
    Dave Ferguson
    last modified by Dave Ferguson
  • Qualys Cloud Platform v2.40 API notification 1

    A new release of Qualys Cloud Platform v2.40 (WAS) includes an updated API which is targeted for release in August 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys...
    Jeff Leggett
    last modified by Jeff Leggett
  • Obtaining Administrator Module Roles via API

    Hello!   I am seeking to either export or extract via the API a complete list of the users in my subscription along with any Tags that are assigned to them, the last time they logged in, and any Roles they have ...
    Jarrod Bradbury
    created by Jarrod Bradbury
  • Which IP address I should whitelist on my Firewall so  Web Application Scanning can run properly?

    Hi guys,   Do anyone now which IP address i should Whitelist on my firewall so I can run passed by my firewall. I found this information but i'm not sure.   https://discussions.qualys.com/docs/DOC-4865-kno...
    Felipe Bertolini
    last modified by Felipe Bertolini