TotalAppSec Release 2.3 | Web Application Scanning Release 1.23
September 16, 2025
TotalAppSec
AI-Powered Scan Optimization
With this release, we have introduced a new AI-Powered Scan Optimization option that lets you perform faster and enhanced vulnerability scans on web applications and APIs.
This feature leverages AI assistance to intelligently optimize the detection scope by eliminating unnecessary QIDs and focusing only on relevant detections, enabling scans to run more efficiently with fewer redundant checks.
The AI-powered Scan Optimization option is available in the launch vulnerability scan and create vulnerability scan schedule workflow. To enable AI-Powered Scanning, select the AI-Powered Scan Optimization checkbox in the Vulnerability Scan > Scan Settings page.
When the AI-Powered Scan Optimization option is selected, the detection scope defined in the option profile is not considered.
This feature is not available by default. To enable this feature, contact your Technical Account Manager (TAM).
Enhancements for Scan List Tab
We have introduced the new columns Coverage and Findings in the Scan List tab to display QID count, links tested, and findings. Also, you can view scan duration in the Status column.
New Tokens for AI-Powered Scan
We introduced the following tokens to the Scan List and Schedules tabs.
Tab | Token | Description |
---|---|---|
Scan List | scan.isAiPoweredScan | Use a Boolean value to find scans in which AI-Powered Optimization is enabled. |
Schedules | scan.schedule.isAiPoweredScan | Use a Boolean value to find scan schedules with AI-Powered optimization enabled. |
Discover APIs using AWS API Connectors
With the AWS API Connectors, TotalAppSec can discover Swagger files with all endpoints exposed in your AWS environment. This enhances TotalAppSec's discovery feature and strengthens your organization's security posture.
To create an AWS API Connector, navigate to the Discovery > Sources tab > AWS API Connectors, and click Create Connector.
Once the connector is created, the APIs discovered from your environment are displayed in the Discovered APIs tab.
You can add the APIs to your subscription and perform scans to assess the vulnerabilities.
TotalAppSec Trial Expiration
Starting with this release, the TotalAppSec trial is available for one month from the start date of the trial. After the trial period ends, TAS features will no longer be accessible.
If you are an existing WAS customer using a TAS trial, once the trial expires, you will continue to have access to WAS features only.
TotalAppSec and Web Application Scanning
License Consumption Data in Account Information Page
The Account Information page now displays the number of applications and license consumption in percentage. To view the details of license consumption, click icon > Account Info.
The following image displays the number of web applications and the number of API endpoints in your TotalAppSec subscription and license consumption in percentage.
The following image displays the number of web applications and number of API endpoints in your WAS subscription and license consumption in percentage.
Configure Columns for Detection Datalist Reports
While downloading the detection datalist report, you can now select the columns that you want to include in the report.
Non-CSV formats (PDF) are limited to 14 columns to ensure readability and proper formatting. CSV formats have no limit.
To download the detection datalist report:
- Navigate to the Detections tab > Download Report.
- Select the columns to be displayed in the detection datalist report.
Your column selection is saved for your account, which helps you download the report quickly on subsequent downloads.
Create Distribution Groups in Report Schedule
With this release, we have introduced the option to create a distribution list and add recipients when scheduling reports. This enhancement allows reports to be shared automatically with users so that they can download them.
While creating or editing a scheduled report, you can add distribution groups as recipients. To create a distribution group, navigate to Reports > Schedules > New Report Schedule > Notification window. Click Create distribution group under the Distribution Groups section.
When the scheduled report is generated, an email notification with a link to download it is sent to all users in the selected distribution groups.
Customize Datalist Report Names
With this release, we have introduced the field to customize the report name before downloading. Previously, when downloading a datalist report, the report name was automatically generated based on the tab name.
To add the datalist report name:
- Navigate to the Reports tab >
.
- In the Report Name field, enter the name with which you want to download the report.
This enhancement is available in all the tabs where the datalist report can be downloaded.
Token Changes for Knowledge Base
The following tokens are added to the Knowledge Base tab.
Token | Description |
---|---|
vulnDef.isIgnored | Use a Boolean value to find vulnerabilities based on whether they are marked as ignored. |
vulnDef.exploit.vendor | Use the vendor name to find vulnerabilities with known exploits published by a specific vendor. |
The following token is updated with the new value.
Token | Description |
---|---|
vulnDef.supportedBy.serviceName | A new value - API Security is added to find QIDs supported by API Security. |
Implementation of QQL Token Standardization
We have now implemented Qualys Query Language (QQL) token standardization across all Qualys applications. As part of this enhancement, both the common tokens and the tokens specific to TotalAppSec and Web Application Scanning are updated with new token names that follow a standard and consistent nomenclature.
The new token format follows the syntax: <entity>.<attribute>. For example, in the new token finding.criticality, finding is the entity and criticality is the attribute.
Key Enhancements:
- Standardized Token Naming: The sensor, asset, and operating system tokens now follow the standardized naming convention. The tokens common to all Qualys applications have also been updated.
- Search Bar Updates: Only the new tokens appear in the auto-suggestions of the search bars in the UI; the old tokens are no longer suggested. However, if you type an old token name manually, the QQL query still works.
- Backward Compatibility: The existing Dashboard widgets and Saved Search Queries will continue to support the old tokens in edit mode.
- Improved Interoperability: The standardized tokens make it easier to copy and reuse the search query from one application to another, eliminating the need to remember multiple token names for different applications and similar searches.
Updated Tokens
We have updated the token names in the TotalAppSec user interface for the following tabs.
Old Token Name | Updated Token Name |
---|---|
vulnerability.age | finding.age |
vulnerability.cisaKnownExploits.cisaKEVAddedDate | finding.cisaKnownExploits.cisaKEVAddedDate |
vulnerability.cisaKnownExploits.cisaKEVDueDate | finding.cisaKnownExploits.cisaKEVDueDate |
vulnerability.comment | finding.comment |
vulnerability.criticality | finding.criticality |
vulnerability.cveIds | finding.cveId |
vulnerability.cvss3Info.baseScore | finding.cvss3Base |
vulnerability.cvss3Info.temporalScore | finding.cvss3Temporal |
vulnerability.cweIds | finding.cweId |
vulnerability.detectionScore | finding.detectionScore |
vulnerability.firstDetectionDate | finding.firstFoundDate |
vulnerability.fixedDate | finding.fixedDate |
vulnerability.groupName | finding.groupName |
vulnerability.groupTitle | finding.groupTitle |
vulnerability.id | finding.id |
vulnerability.ignoredBy.firstName | finding.ignoredBy.firstName |
vulnerability.ignoredBy.lastName | finding.ignoredBy.lastName |
vulnerability.ignoredBy.username | finding.ignoredBy.username |
vulnerability.ignoredComment | finding.ignoredComment |
vulnerability.ignoredDate | finding.ignoredDate |
vulnerability.ignoredReactivateDate | finding.ignoredReactivateDate |
vulnerability.ignoredReason | finding.ignoredReason |
vulnerability.isCisaKnownExploitable | finding.riskFactor.isCisaKnownExploits |
vulnerability.isIgnored | finding.isIgnored |
vulnerability.lastDetectedDate | finding.lastFoundDate |
vulnerability.lastTestedDate | finding.lastTestedDate |
vulnerability.originalSeverity | finding.originalSeverity |
vulnerability.owaspTopTen.id | finding.owaspTopTen.id |
vulnerability.owaspTopTen.name | finding.owaspTopTen.name |
vulnerability.param | finding.param |
vulnerability.paramType | finding.paramType |
vulnerability.patchable | finding.isPatchable |
vulnerability.patchId | finding.patchId |
vulnerability.qid | finding.qid |
vulnerability.retestStatus | finding.retestStatus |
vulnerability.severity | finding.severity |
vulnerability.source | finding.source |
vulnerability.status | finding.status |
vulnerability.timesDetected | finding.timesDetected |
vulnerability.title | finding.title |
vulnerability.ttr | finding.ttr |
vulnerability.typeDetected | finding.typeDetected |
vulnerability.url | finding.url |
vulnerability.uuid | finding.uuid |
Discovery (Webapp/API)
Old Token Name | Updated Token Name |
---|---|
discovery.updated | discovery.updatedDate |
discovery.created | discovery.createdDate |
discovery.applicationId | asset.id |
discovery.lastDiscoveredOn | discovery.lastFoundDate |
Application (Webapp/API)
Old Token Name | Updated Token Name |
---|---|
application.authenticationRecord.category | authenticationRecord.category |
application.authenticationRecord.hasClientCertificate | authenticationRecord.hasClientCertificate |
application.authenticationRecord.name | authenticationRecord.name |
application.authenticationRecord.type | authenticationRecord.type |
application.dnsOverride.name | dnsOverride.name |
application.lastScanned | application.lastScanDate |
application.malwareMonitoringEnabled | application.isMalwareMonitoringEnabled |
application.optionProfile.name | optionProfile.name |
application.progressiveScanningEnabled | application.isProgressiveScanningEnabled |
application.proxy.name | proxy.name |
application.risk | asset.risk |
application.scannerAppliance | appliance.name |
application.scannerApplianceTags.name | appliance.tag.name |
application.scannerType | appliance.type |
application.scanScheduled | application.isScanScheduled |
application.scanTrustEnabled | application.isScanTrustEnabled |
asset.created | asset.createdDate |
asset.riskScore | asset.truRisk |
asset.riskScoreRange | asset.truRiskRange |
asset.updated | asset.updatedDate |
tags.name | asset.tag.name |
Old Token Name | Updated Token Name |
---|---|
scan.authenticationRecord.name | authenticationRecord.name |
scan.dnsOverride.name | dnsOverride.name |
scan.excludedQids | scan.excludedQid |
scan.findings.criticality | scan.finding.criticality |
scan.findings.cvss3Info.baseScore | scan.finding.cvss3Base |
scan.findings.cvss3Info.temporalScore | scan.finding.cvss3Temporal |
scan.findings.cweIds | scan.finding.cweId |
scan.findings.groupName | scan.finding.groupName |
scan.findings.groupTitle | scan.finding.groupTitle |
scan.findings.id | scan.finding.id |
scan.findings.originalSeverity | scan.finding.originalSeverity |
scan.findings.owaspTopTen.id | scan.finding.owaspTopTen.id |
scan.findings.owaspTopTen.name | scan.finding.owaspTopTen.name |
scan.findings.param | scan.finding.param |
scan.findings.paramType | scan.finding.paramType |
scan.findings.qid | scan.finding.qid |
scan.findings.severity | scan.finding.severity |
scan.findings.title | scan.finding.title |
scan.findings.typeDetected | scan.finding.typeDetected |
scan.findings.url | scan.finding.url |
scan.findings.uuid | scan.finding.uuid |
scan.findings.vulnerability.id | scan.finding.vulnerability.id |
scan.inScopeQids | scan.inScopeQid |
scan.optionProfile.name | optionProfile.name |
scan.progressiveScanningEnabled | scan.isProgressiveScanningEnabled |
scan.proxy.name | proxy.name |
scan.scannerAppliance.name | appliance.name |
scan.scannerApplianceTags.name | appliance.tag.name |
scan.scannerType | scan.scannerType |
scan.scanTrustEnabled | scan.isScanTrustEnabled |
scan.target.tags.name | scan.target.tag.name |
scan.updated | scan.updatedDate |
Old Token Name | Updated Token Name |
---|---|
scan.schedule.created | scan.schedule.createdDate |
scan.schedule.updated | scan.schedule.updatedDate |
scan.schedule.multi | scan.schedule.hasMultipleTargets |
scan.schedule.invalid | scan.schedule.isInvalid |
Report Template
Old Token Name | Updated Token Name |
---|---|
reportTemplate.owner.username | report.template.owner.username |
reportTemplate.updatedBy.lastName | report.template.updatedBy.lastName |
reportTemplate.name | report.template.name |
reportTemplate.updated | report.template.updatedDate |
reportTemplate.createdBy.username | report.template.createdBy.username |
reportTemplate.id | report.template.id |
reportTemplate.createdBy.lastName | report.template.createdBy.lastName |
tags.name | report.template.tag.name |
reportTemplate.createdBy.firstName | report.template.createdBy.firstName |
reportTemplate.owner.lastName | report.template.owner.lastName |
reportTemplate.isDefault | report.template.isDefault |
reportTemplate.updatedBy.firstName | report.template.updatedBy.firstName |
reportTemplate.updatedBy.username | report.template.updatedBy.username |
reportTemplate.owner.firstName | report.template.owner.firstName |
reportTemplate.type | report.template.type |
reportTemplate.created | report.template.createdDate |
Old Token Name | Updated Token Name |
---|---|
report.created | report.createdDate |
scheduleReport.name | report.schedule.name |
tags.name | report.tag.name |
Schedule Report
Old Token Name | Updated Token Name |
---|---|
scheduleReport.updatedBy.firstName | report.schedule.updatedBy.firstName |
scheduleReport.updated | report.schedule.updatedDate |
scheduleReport.owner.lastName | report.schedule.owner.lastName |
scheduleReport.created | report.schedule.createdDate |
scheduleReport.createdBy.lastName | report.schedule.createdBy.lastName |
scheduleReport.format | report.schedule.format |
scheduleReport.type | report.schedule.type |
scheduleReport.updatedBy.username | report.schedule.updatedBy.username |
scheduleReport.id | report.schedule.id |
scheduleReport.owner.username | report.schedule.owner.username |
scheduleReport.updatedBy.lastName | report.schedule.updatedBy.lastName |
scheduleReport.lastRunDate | report.schedule.lastRunDate |
scheduleReport.lastRunStatus | report.schedule.lastRunStatus |
scheduleReport.createdBy.username | report.schedule.createdBy.username |
scheduleReport.nextRunDate | report.schedule.nextRunDate |
scheduleReport.owner.firstName | report.schedule.owner.firstName |
scheduleReport.createdBy.firstName | report.schedule.createdBy.firstName |
scheduleReport.status | report.schedule.status |
Old Token Name | Updated Token Name |
---|---|
optionProfile.created | optionProfile.createdDate |
optionProfile.enhancedCrawlingEnabled | optionProfile.isEnhancedCrawlingEnabled |
optionProfile.paramSet.id | paramSet.id |
optionProfile.paramSet.name | paramSet.name |
optionProfile.passwordBruteforcingEnabled | optionProfile.isPasswordBruteforcingEnabled |
optionProfile.sensitiveContent | optionProfile.isSensitiveContentEnabled |
optionProfile.smartScanEnabled | optionProfile.isSmartScanEnabled |
optionProfile.updated | optionProfile.updatedDate |
scan.schedule.name | scan.schedule..name |
tags.name | optionProfile.tag.name |
Old Token Name | Updated Token Name |
---|---|
tags.name | searchList.tag.name |
searchList.created | searchList.createdDate |
searchList.updated | searchList.updatedDate |
Old Token Name | Updated Token Name |
---|---|
bruteforceList.updated | bruteforceList.updatedDate |
tags.name | bruteforceList.tag.name |
bruteforceList.created | bruteforceList.createdDate |
Old Token Name | Updated Token Name |
---|---|
proxy.updated | proxy.updatedDate |
proxy.created | proxy.createdDate |
tags.name | proxy.tag.name |
Authentication Record
Old Token Name | Updated Token Name |
---|---|
authenticationRecord.lastTested | authenticationRecord.lastTestedDate |
authenticationRecord.updated | authenticationRecord.updatedDate |
tags.name | authenticationRecord.tag.name |
authenticationRecord.created | authenticationRecord.createdDate |
Old Token Name | Updated Token Name |
---|---|
paramSet.created | paramSet.createdDate |
tags.name | paramSet.tag.name |
paramSet.updated | paramSet.updatedDate |
Old Token Name | Updated Token Name |
---|---|
dnsOverride.updated | dnsOverride.updatedDate |
dnsOverride.created | dnsOverride.createdDate |
tags.name | dnsOverride.tag.name |
Old Token Name | Updated Token Name |
---|---|
scannerAsset.created | appliance.createdDate |
scannerAsset.id | appliance.id |
scannerAsset.isUpdated | appliance.isUpdated |
scannerAsset.name | appliance.name |
scannerAsset.quickFilters | appliance.quickFilters |
scannerAsset.scanner.connectivityStatus | appliance.connectivityStatus |
scannerAsset.scanner.ipAddress | appliance.ipAddress |
scannerAsset.scanner.personalizationCode | appliance.personalizationCode |
scannerAsset.scanner.proxyEnabled | appliance.isProxyEnabled |
scannerAsset.updated | appliance.updatedDate |
scannerAsset.updatedBy.firstName | appliance.updatedBy.firstName |
scannerAsset.updatedBy.lastName | appliance.updatedBy.lastName |
scannerAsset.updatedBy.username | appliance.updatedBy.username |
tags.name | dnsOverride.tag.name |
Old Token Name | Updated Token Name |
---|---|
burpReport.created | burpReport.createdDate |
tags.name | burpReport.tag.name |
Old Token Name | Updated Token Name |
---|---|
bugcrowdReport.created | bugcrowdReport.createdDate |
tags.name | bugcrowdReport.tag.name |
Old Token Name | Updated Token Name |
---|---|
vulnDef.updated | vulnDef.updatedDate |
vulnDef.patchAvailable | vulnDef.isPatchAvailable |
vulnDef.exploitAvailable | vulnDef.isExploitAvailable |
vulnDef.custom | vulnDef.isCustom |
vulnDef.malware.aliases | vulnDef.malware.alias |
vulnDef.cvss3Info.attackVector | vulnDef.cvss3AttackVector |
vulnDef.supportedBy | vulnDef.supportedBy.serviceName |
vulnDef.cvss3Info.temporalScore | vulnDef.cvss3Temporal |
vulnDef.cweIds | vulnDef.cweId |
vulnDef.cvss3Info.baseScore | vulnDef.cvss3Base |
vulnDef.malwareAvailable | vulnDef.isMalwareAvailable |
vulnDef.bugtraqIds | vulnDef.bugtraqId |
vulnDef.complianceTypes | vulnDef.complianceType |
vulnDef.cveIds | vulnDef.cveId |
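
For saved queries and scripts that still use the old names, the renames in the tables above can be applied mechanically. The following is an added example, not Qualys code: it uses a subset of the mappings listed on this page and assumes queries are made of token:value terms with values optionally quoted by double quotes or backticks. The sample queries and the table labels are constructed for the example.

```python
import re

# Old -> new token names copied from the rename tables on this page (subset).
# The outer keys are labels chosen for this example, not product names.
RENAMES = {
    "finding": {
        "vulnerability.severity": "finding.severity",
        "vulnerability.title": "finding.title",
        "vulnerability.cveIds": "finding.cveId",
        "vulnerability.cvss3Info.baseScore": "finding.cvss3Base",
        "vulnerability.firstDetectionDate": "finding.firstFoundDate",
        "vulnerability.isCisaKnownExploitable": "finding.riskFactor.isCisaKnownExploits",
    },
    "scan": {
        "scan.updated": "scan.updatedDate",
        "scan.findings.severity": "scan.finding.severity",
        "scan.scannerAppliance.name": "appliance.name",
    },
    # tags.name maps to a different new token in each table, so a query can
    # only be rewritten when the caller states which table it belongs to.
    "proxy": {"proxy.updated": "proxy.updatedDate", "tags.name": "proxy.tag.name"},
    "authenticationRecord": {
        "authenticationRecord.lastTested": "authenticationRecord.lastTestedDate",
        "tags.name": "authenticationRecord.tag.name",
    },
}

# Assumed query shape: token:value terms, values optionally quoted with " or `.
# Matches either a quoted value (left alone) or a whole token just before ':'.
_PIECE = re.compile(
    r'"[^"]*"|`[^`]*`|(?<![\w.])(?P<token>[A-Za-z][A-Za-z0-9_.]*)(?=\s*:)'
)

def migrate_query(query, table):
    """Rewrite old token names in one query; return (new_query, applied)."""
    renames = RENAMES[table]
    applied = []

    def swap(match):
        token = match.group("token")
        if token is None:  # quoted value, never a token
            return match.group(0)
        new = renames.get(token)
        if new is None:  # already a new name, or not listed for this table
            return token
        applied.append((token, new))
        return new

    return _PIECE.sub(swap, query), applied

# Constructed sample queries (not taken from the page).
SAMPLES = [
    ("finding", "vulnerability.severity:5 and vulnerability.isCisaKnownExploitable:true"),
    ("finding", 'vulnerability.title:"renamed from vulnerability.severity: 5"'),
    ("scan", "scan.updated:2025-09-16 and scan.updatedDate:2025-09-16"),
    ("proxy", 'tags.name:"DMZ"'),
    ("authenticationRecord", 'tags.name:"DMZ"'),
]

if __name__ == "__main__":
    for table, query in SAMPLES:
        new_query, applied = migrate_query(query, table)
        print(f"[{table}] {query}\n  -> {new_query} ({len(applied)} renamed)")
```

Because whole tokens are matched, scan.updated is not rewritten a second time inside scan.updatedDate, so running the migration again on already migrated queries changes nothing.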
Issues Addressed
Application | Category/Component | Description |
---|---|---|
TAS | MuleSoft API connector | The user reported an error while integrating the MuleSoft connector in TAS. The error occurred because MuleSoft updated the authentication method to two-factor authentication. We have made the changes to the MuleSoft connector configuration based on the changes in MuleSoft, and the issue is resolved now. |
TAS | Azure API connector | We fixed an issue where the user could configure the Azure API connector; however, the connector failed upon execution. |
TAS and WAS | Detection details | When the user downloaded the report for the crawled links from the scan report, the color coding for new, modified, and removed links was not applied. The issue is now fixed, and the report presents links highlighted with appropriate colors. |
TAS and WAS | Scan status | We fixed an issue where a discrepancy was observed in the scan status displayed in the Scan List tab, the scan details, and the application details. |
TAS and WAS | Dynamic search list | We fixed an issue where the user could not save the changes made to the dynamic search list after editing the search list. |
TAS and WAS | Authentication record | An error was encountered while saving the authentication record, where the user selected the Add Credentials to Selenium Script checkbox after uploading the Selenium script. The following error message is displayed: Invalid username/password format for selected selenium script in Form Record. Please verify the selected values for Form Record. The issue is fixed now. |
TAS and WAS | Scan report with dynamic search list | When the user added a dynamic search list containing Information Gathered QIDs to the scan report template, the downloaded scan report still displayed Information Gathered QIDs. |
TAS and WAS | Vulnerability Scan | We fixed an issue where the user encountered an error while launching a vulnerability scan using an option profile containing dynamic search list in detection scope. |
TAS and WAS | DNS override record | We fixed an issue where the user could not view the default DNS record for a web application while creating a scan schedule. |
TAS and WAS | Web Applications | We fixed an issue where the user could not remove some web assets from WAS and CSAM. |
TAS and WAS | Scans | The user could not click the slice scans and associated scan schedules from the View Scan Details window for multi scans. This issue is now fixed. |
TAS and WAS | Multi scan details | An issue was encountered due to an incorrect label in the View Scan Details > Overview section for multi scans, where the scans are categorized by status. The column name Application caused confusion. The column Application is renamed to Scans to display the number of slice scans with the corresponding status. |
TAS and WAS | Knowledge Base | We fixed multiple issues related to the knowledge base datalist download. The datalist download functionality is temporarily revoked. |
TAS and WAS | Edit web application | We fixed an issue where the user could not delete the crawl script while editing a web application. The web application was shown as updated, but the crawl script was not deleted from the web application. |