TotalAppSec Release 2.2 | Web Application Scanning Release 1.22

July 28, 2025


The following are the new features and updates available with the TotalAppSec and Web Application Scanning subscription.

Customize Advanced Filters for Enhanced Search

Advanced filters now support operators for building precise search queries. With the operators, you can build complex and specific search queries without manually entering QQL tokens.

For example, you can use the Greater than operator in the TruRisk Score filter to find applications with a TruRisk Score greater than the specified value.

Operators for Text-based Search

For the filters where the values are alphanumeric strings, you can use the following operators to refine the search criteria further. 

  • Contains: Use this operator to retrieve search results containing the specified text value.
  • Exact: Use this operator to retrieve search results that match the specified text value exactly.
  • Starts with: Use this operator to retrieve search results that start with the specified text value.
  • Ends with: Use this operator to retrieve search results that end with the specified text value.

The following image presents an example of the filter set to find web applications where the name contains WebApp Test. 

Operators for Text-based Search.

Operators for Numeric Search

For the filters with numeric values, such as QIDs and Risk Score, you can use the following operators to refine the search criteria:

  • Equals: Use this operator to retrieve search results that exactly match the specified numeric value.
  • Greater than: Use this operator to retrieve search results with values greater than the specified numeric value.
  • Less than: Use this operator to retrieve search results with values less than the specified numeric value.

The following image presents an example of the filter set to find web applications with a TruRisk™ Score greater than 200. 

Operators for Numeric Search.

Enhanced QQL Searches Across Tabs

We have enhanced the QQL search experience: the QQL search results in a tab are now retained even when you navigate to different tabs in the application.

Earlier, if the user performed a search using QQL tokens and navigated to any other tab, the search queries were not retained, and the user needed to enter the QQL query again. 

Custom Header Support for OAuth 2.0 Authentication

You can now define a custom header value while creating an OAuth 2.0 authentication record. This custom header is used only for access token and refresh token requests, enabling secure API authentication workflows and seamless integration with external identity providers that require additional client metadata.

A new field is available to add a custom header for the OAuth2 records while creating and editing authentication records. 

Custom Header field in OAuth2 authentication records

Issues Addressed

The following notable and important issues are fixed in this release.

Category/Component Description

Retest scan

An issue was observed when the retest scan on some QIDs was stuck and did not provide any results. When the user tried to cancel the retest, an error was displayed. The issue is fixed. 

Web application import

While importing a web application using the CSV file, an issue was encountered if the web application name contained special characters, such as ä, ö, or ü. The web application name did not display correctly, and the special characters were displayed as special character.

The issue is now resolved, and you can import web applications with a name containing special characters.

QQL token

We fixed an issue where incorrect results were displayed in the Schedules tab in Scans with the scan.schedule.nextDate query. 

Authentication Record, User Permissions

We fixed an issue where the Reader user could not update an authentication record with a Selenium script. With the additional permissions assigned to the user, the Reader user can now update the authentication record.

Web application edit

When the user edited the web application URL, the web application was updated successfully; however, the updated URL was not reflected. The issue is fixed.

Scheduled scan 

We fixed two issues with scheduled scans:
- When the user added Start Time for a scheduled scan, the Start Time was not saved.
- The Cancel Scan At and Start Time fields displayed different values in the Edit Scan Schedule and View Scan Schedule windows.

Authentication status in detection details

We fixed an issue where the user could not determine whether authentication was used for the fixed vulnerabilities in the Detection Details | History & Comments section.

Now, the History & Comments section displays text indicating whether the authentication record is used and the name of the authentication record.