AnsweredAssumed Answered

Does Qualys Web application scanner support MutationObserver specification?

Question asked by Vivek Mohan on Dec 13, 2016



We are using Qualys WAS to scan our Web Application. From our internal logs, it appears that the Qualys browser client lacks modern browser feature support, such as mutationobserver specification. For instance, here is a snippet from an error message "Error: Can\'t find variable: MutationObserver". 


As per MutationObserver - Web APIs | MDN , DOM Standard , MutationObserver is a way to react to changes in a DOM. It is designed as a replacement for Mutation Events defined in the DOM3 events specification. Additionally, the error message mentioned above essentially means that the MutationObserver specification is not supported by the browser client involved in the web application scan, and will need to be upgraded to a newer version, ReferenceError: Can't find variable: MutationObserver · Issue #68 · rev087/ng-inspector · GitHub.


I reached out to Qualys support to know the specific version of the Qualys browser or webkit engine that is being used, however the responses were not very helpful. 


My question is does the Qualys browser performing the web application scans support the MutationObserver specification? Does Qualys plan to upgrade the browser version in order to support this specification? Additionally, it would be helpful to know the specific version of the browser used in the Web Application scans.


Note that the issue here is not that Qualys uses features that are too new, but that it doesn't support features that are new enough.