1. home icon for breadcrumbs >
  2. Release 3.6

Release 3.6

June 04, 2024

What's New?

Integration with Web Application Scanning App

With this release, we have added support for assets and certificates for web applications scanned by WAS. Users with an active WAS subscription now have the ability to view all assets scanned by WAS directly within Certificate View.

Benefits

You can get a complete visibility and assessment for all the certificates on the web application, including a detailed assessment report, certificate strength, signature algorithm, and cipher suits, and you can monitor their expiration.

Pre-requisites

You must have a valid WAS subscription to view the assets scanned by WAS.  

You can use tokens asset:(wasUrl ),instance:(sources: WAS)to view all assets certificates and instances associated with certificates identified by WAS application.

was assets in assets tab

 You can view the URL under the asset name scanned by WAS. Clicking the URL navigates to the Application Details page of the WAS application.

New Token for Assets Tab

Token Description Example
asset:(wasUrl: ) Use WAS URL to search assets scanned by WAS. asset:(wasUrl:"https://www.example.com")

New Token for Certificates Tab

Token Description Example
asset:(wasUrl: ) Use WAS URL to search certificates on assets scanned by WAS. asset:(wasUrl:"https://www.example.com")

New Value for Instance Source Token

With this release, you can use instance:(sources: ) token to search the certificates or assets scanned by Web Application Scanning (WAS) on the Certificates or Assets tab.

instance:(sources:WAS)

When this token is used in the Assets tab, the search query displays assets scanned by WAS. When used in the Certificates tab, it displays certificates on assets scanned by WAS.

Widget to View Certificates and Assets by WAS 

You can now create a widget for the dashboard to view assets or certificates scanned by WAS using  asset:(wasUrl:https://example.com) and instance:(sources:was)

Issue Addressed

The user received a certificate with a blank name, as the Common Name field was empty. To address this issue, relevant changes have been made to the code. Now, if the Common Name is empty, the certificate will take its name from the Subject Alternative Name (SAN). If that is also empty, it will use the string from the Subject DN, and if all fields are empty, it will take the serial number as the name.

© 2024 Qualys, Inc. All rights reserved. Privacy Policy.