
Mapping BURP vs WAS Vulnerabilities.

Question asked by Sanjeev Savant on Mar 9, 2019
Latest reply on Mar 11, 2019 by derekv



When a vulnerability is reported by the Burp Suite web vulnerability scanner, how can we map it to a QID in WAS?

One method is the Burp Suite integration, with which one can import a Burp scan report into WAS.

But if the BURP log XML file is not available, some sort of mapping will be useful. The common link is CWE-ID.

Mapping table: the first row is an example; the second and third rows are my question.

| BURP Vulnerability | CWE-ID | Qualys QID |
| --- | --- | --- |
| Password field with autocomplete enabled | 200 Information Exposure | 150112 Sensitive form field has not disabled autocomplete; A6 Security Misconfiguration; WASC-13 Information Leakage |
| SSL cookie without secure flag set | 614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | Search in the Knowledgebase shows no results |
| Cacheable HTTPS response | 524: Information Exposure Through Caching; 525: Information Exposure Through Browser Caching | Search in the Knowledgebase shows no results |