AnsweredAssumed Answered

How to exclude request parameter

Question asked by Reddy Gujja on Sep 26, 2014

During my web application scan ATG adds "_requestid=" param at the end of the URL. When I generate the report based on two scans, Qualys reports same vulnerability as New because of the url being different in each scan due to the _requestid param added to url. I want to be able to generate the report saying "exclude _requestid param from the url" so I do not get duplicate vulnerability reported as New. Here is an example


scan 1: XSS Vulnerability on URL:

scan 2: XSS Vulnerability on URL:


When generating the report Qualys says 1 new vulnerability found and lists as new XSS vulnerability, how to avoid it?


Thank you

Reddy Gujja