Qualys WAS Introduces Three New QIDs for JavaScript Libraries and Content Management Systems

Discussion created by fmc on Aug 3, 2017

Qualys Web Application Scanning (WAS) has added three new QIDs: the use of JavaScript libraries with known vulnerabilities (QID 150162), a listing of JavaScript libraries used and detected (QID 150176), and our first phase of comprehensive Content Management Systems identification and testing, CMS identification (QID 150177).


QID 150162:

This QID will report if and where the scanned web application is using one or more JavaScript libraries that contain known vulnerabilities. Attackers could potentially exploit these vulnerabilities in the JavaScript libraries. You should easily be able to refer to the vendor's security advisories related to the vulnerable version of the libraries reported in this QID.


QID 150176:

This QID will report the JavaScript libraries discovered by the Web Application Scanning engine in the results section. These libraries are reported along with other information such as the page on which they were first found, their version, and script URI.


QID 150177:

*This QID will report if and where any Content Management Systems (CMS) were detected on the target using fingerprinting. This technique compares static files at known locations against pre-computed hashes for versions of those files in all available releases.


* This is our first phase in releasing an accurate and comprehensive Content Management Systems (CMS) identification and vulnerability testing solution. This complete solution will be rolled out within the next few releases of Qualys WAS. 


Thank you.
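
The fingerprinting technique described for QID 150177 (static files at known locations compared against pre-computed hashes per release) can be sketched as follows. This is an added example, not part of the original post and not Qualys code; the product name "ExampleCMS", its paths, file contents and version numbers are all constructed, and the fetched files are passed in as bytes so the example runs offline.

```python
import hashlib

def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

# Constructed release contents for a hypothetical "ExampleCMS". A real
# database would be pre-computed from every published release archive.
RELEASES = {
    "1.0": {"/core/app.js": b"app v1", "/core/style.css": b"css A",
            "/README.txt": b"ExampleCMS 1.0"},
    "1.1": {"/core/app.js": b"app v1", "/core/style.css": b"css B",
            "/README.txt": b"ExampleCMS 1.1"},
    "2.0": {"/core/app.js": b"app v2", "/core/style.css": b"css B",
            "/README.txt": b"ExampleCMS 2.0"},
}

def build_index(releases):
    """Map path -> file hash -> set of versions shipping that exact file."""
    index = {}
    for version, files in releases.items():
        for path, content in files.items():
            by_hash = index.setdefault(path, {})
            by_hash.setdefault(digest(content), set()).add(version)
    return index

def identify(index, fetched):
    """Narrow candidate versions from fetched {path: bytes or None}.

    Returns (candidates, unmatched_paths). A missing file (None) gives no
    evidence. A file whose hash is unknown (locally modified, or from a
    release not in the index) is listed as unmatched and does not eliminate
    any version. An empty candidate set means no evidence or conflicting
    evidence, e.g. files from two different releases mixed on one site.
    """
    candidates, unmatched = None, []
    for path, content in fetched.items():
        if content is None or path not in index:
            continue
        versions = index[path].get(digest(content))
        if versions is None:
            unmatched.append(path)
            continue
        candidates = set(versions) if candidates is None else candidates & versions
    return (candidates or set()), sorted(unmatched)

INDEX = build_index(RELEASES)
```

A single unchanged file often matches several releases, so the result only becomes a precise version once the hashes of multiple files are intersected.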