TotalAppSec Release 2.2 | Web Application Scanning Release 1.22
July 28, 2025
TotalAppSec and Web Application Scanning
The following are the new features and updates available with the TotalAppSec and Web Application Scanning subscription.
Customize Advanced Filters for Enhanced Search
Advanced filters now support operators for building precise search queries. With the operators, you can build complex and specific search queries without manually entering QQL tokens.
For example, you can use the Greater than operator in the TruRisk Score filter to find applications with a TruRisk Score greater than the specified value.
Operators for Text-based Search
For the filters where the values are alphanumeric strings, you can use the following operators to refine the search criteria further.
- Contains: Use this operator to retrieve search results containing the specified text value.
- Exact: Use this operator to retrieve search results that match the specified text value exactly.
- Starts with: Use this operator to retrieve search results that start with the specified text value.
- Ends with: Use this operator to retrieve search results that end with the specified text value.
The following image presents an example of the filter set to find web applications where the name contains WebApp Test.
Operators for Numeric Search
For the filters with numeric values, such as QIDs and Risk Score, you can use the following operators to refine the search criteria:
- Equals: Use this operator to retrieve search results that exactly match the specified numeric value.
- Greater than: Use this operator to retrieve search results with values greater than the specified numeric value.
- Less than: Use this operator to retrieve search results with values less than the specified numeric value.
The following image presents an example of the filter set to find web applications with a TruRisk™ Score greater than 200.
Enhanced QQL Searches Across Tabs
We have enhanced the QQL search experience: the QQL search results in a tab are now retained even when you navigate to different tabs in the application.
Earlier, if the user performed a search using QQL tokens and navigated to any other tab, the search query was not retained, and the user needed to enter the QQL query again.
Custom Header Support for OAuth 2.0 Authentication
You can now define a custom header value when creating an OAuth 2 authentication record. This custom header is used only for access token and refresh token requests, enabling secure API authentication workflows and seamless integration with external identity providers that require additional client metadata.
A new field is available to add a custom header for OAuth2 records when creating and editing authentication records.
Issues Addressed
The following notable and important issues are fixed in this release.
Category/Component | Description |
---|---|
Retest scan | An issue was observed when the retest scan on some QIDs was stuck and did not provide any results. When the user tried to cancel the retest, an error was displayed. The issue is fixed. |
Web application import | While importing a web application using the CSV file, an issue was encountered if the web application name contains special characters, such as ä, ö, or ü. The web application name did not display correctly, and the special characters were displayed as The issue is now resolved, and we can import web applications with a name containing special characters. |
QQL token | We fixed an issue where incorrect results were displayed in the Schedules tab in Scans with the scan.schedule.nextDate query. |
Authentication Record, User Permissions | We fixed an issue where the Reader user could not update an authentication record with a Selenium script. With the additional permissions assigned to the user, the Reader user can now update the authentication record. |
Web application edit | When the user edited the web application URL, the web application was updated successfully; however, the updated URL was not reflected. The issue is fixed. |
Scheduled scan | We fixed two issues with scheduled scans: |
Authentication status in detection details | We fixed an issue where the user could not find whether the authentication was used for the fixed vulnerabilities in the Detection Details | History & Comments section. Now, the History & Comments section displays the text indicating whether the authentication record is used and the name of the authentication record. |