Hello all -
WAS Engine 6.2 has been released to all Qualys platforms including private cloud platforms. This new release is part of our ongoing effort to continuously improve the WAS scanning engine. This update includes the following enhancements.
- New detection for blind XPath injection. QID 150251 will be reported if this vulnerability is detected by the WAS scanning engine.
- Additional improvement to reduce false negatives for QID 150051 (open redirect).
- Changes to reduce false positives for QID 150081 (missing X-Frame-Options).
- Added mechanism to handle API key as a URL parameter.
- Removed most recent links information from scan diagnostics.
- Changes to better identify Content Management System (CMS) when images are black-listed.
- Improved efficiency of DOM-based XSS testing.
If you encounter any problems in your WAS scans, please open a support ticket by selecting Help--Contact Support while logged into the platform. Feel free to post a question here on the Qualys Community site as well.