Customer has a Web Application hosted internally and would like to scan it for vulnerabilities, what would be my best method for this?
To scan via the Web Application module or use the Vulnerability Management?
Thanks in advance.
These modules do totally different things. One is scanning the Application the other is scanning the underlying OS. In either case I would see if you can get a Virtual Appliance. You could put that in your network and then kick off the scan with that appliance and scan the application from inside.
If you can't do that for some reason you could expose the Application to just the Qualys SOC range. But check on the Virtual Appliance with your TAM; should only take about 30 minutes to deploy and update and once hooked to your subscription you will not notice the difference other than being able to do the scan internally.
The best answer would be to scan with both modules. Each of the modules is designed to look for different issues.
Retrieving data ...