Create a new option profile.
Permissions required - User must have WAS module enabled. User account must have these permissions: Access Permission “API Access” and "Create Option Profile".
The element “name” (text) and "OptionProfile" is required, where “name” is option profile name.
Create a new option profile with the name “My Option Profile - with defaults”. The default option profile settings are assigned automatically.
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary@-
"<qualys_base_url>/qps/rest/3.0/create/was/optionprofile/" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<data>
<OptionProfile>
<name>
<![CDATA[My Option Profile - with defaults]]>
</name>
</OptionProfile>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>832265669</id>
<name>
<![CDATA[My Option Profile - with defaults]]>
</name>
<owner>
<id>8792415669</id>
<username>user_alex</username>
<firstName>
<![CDATA[Alex]]>
</firstName>
<lastName>
<![CDATA[Smith]]>
</lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags>
<formSubmission>BOTH</formSubmission>
<maxCrawlRequests>300</maxCrawlRequests>
<timeoutErrorThreshold>20</timeoutErrorThreshold>
<unexpectedErrorThreshold>48</unexpectedErrorThreshold>
<parameterSet>
<id>0</id>
<name>
<![CDATA[Initial Parameters]]>
</name>
</parameterSet>
<ignoreBinaryFiles>false</ignoreBinaryFiles>
<performance>LOW</performance>
<bruteforceOption>MINIMAL</bruteforceOption>
<comments>
<count>0</count>
</comments>
<sensitiveContent>
<creditCardNumber>false</creditCardNumber>
<socialSecurityNumber>false</socialSecurityNumber>
</sensitiveContent>
<createdDate>2018-09-08T22:03:01Z</createdDate>
<createdBy>
<id>8792415669</id>
<username>user_alex</username>
<firstName>
<![CDATA[Alex]]>
</firstName>
<lastName>
<![CDATA[Smith]]>
</lastName>
</createdBy>
<updatedDate>2018-09-08T22:03:01Z</updatedDate>
<updatedBy>
<id>8792415669</id>
<username>user_alex</username>
<firstName>
<![CDATA[Alex]]>
</firstName>
<lastName>
<![CDATA[Smith]]>
</lastName>
</updatedBy>
</OptionProfile>
</data>
</ServiceResponse>
Create a new option profile with the name “My Option Profile - All Fields”. The "name" setting is required in the request data, other settings are optional.
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary@-
"<qualys_base_url>/qps/rest/3.0/create/was/optionprofile/" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<data>
<OptionProfile>
<name>
<![CDATA[My Option Profile - All Fields]]>
</name>
<timeoutErrorThreshold>22</timeoutErrorThreshold>
<unexpectedErrorThreshold>50</unexpectedErrorThreshold>
<formSubmission>BOTH</formSubmission>
<maxCrawlRequests>200</maxCrawlRequests>
<performance>LOW</performance>
<bruteforceOption>USER_DEFINED</bruteforceOption>
<parameterSet>
<id>15669</id>
</parameterSet>
<isDefault>true</isDefault>
<ignoreBinaryFiles>true</ignoreBinaryFiles>
<userAgent>
<![CDATA[Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36]]>
</userAgent>
<tags>
<set>
<Tag>
<id>75521225669</id>
</Tag>
</set>
</tags>
<sensitiveContent>
<customContents>zip code</customContents>
</sensitiveContent>
<comments>
<set>
<Comment>
<contents>
<![CDATA[Some Comment]]>
</contents>
</Comment>
</set>
</comments>
<bruteforceList>
<id>74005669</id>
</bruteforceList>
<detection>
<includedSearchLists>
<set>
<SearchList>
<id>3496185669</id>
</SearchList>
</set>
</includedSearchLists>
<excludedSearchLists>
<set>
<SearchList>
<id>3496175669</id>
</SearchList>
<SearchList>
<id>3496165669</id>
</SearchList>
</set>
</excludedSearchLists>
</detection>
</OptionProfile>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>832275669</id>
<name>
<![CDATA[My Option Profile - All Fields]]>
</name>
<owner>
<id>8792415669</id>
<username>user_cindy</username>
<firstName>
<![CDATA[Cindy]]>
</firstName>
<lastName>
<![CDATA[Green]]>
</lastName>
</owner>
<isDefault>true</isDefault>
<tags>
<count>1</count>
<list>
<Tag>
<id>75521225669</id>
<name>
<![CDATA[Business Units]]>
</name>
</Tag>
</list>
</tags>
<formSubmission>BOTH</formSubmission>
<maxCrawlRequests>200</maxCrawlRequests>
<timeoutErrorThreshold>22</timeoutErrorThreshold>
<unexpectedErrorThreshold>50</unexpectedErrorThreshold>
<userAgent>
<![CDATA[Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36]]>
</userAgent>
<parameterSet>
<id>15669</id>
<name>
<![CDATA[Custom Parameters]]>
</name>
</parameterSet>
<ignoreBinaryFiles>true</ignoreBinaryFiles>
<performance>LOW</performance>
<bruteforceOption>USER_DEFINED</bruteforceOption>
<bruteforceList>
<id>74005669</id>
<name>
<![CDATA[BFL]]>
</name>
</bruteforceList>
<detection>
<includedSearchLists>
<count>1</count>
<list>
<SearchList>
<id>3496185669</id>
</SearchList>
</list>
</includedSearchLists>
<excludedSearchLists>
<count>2</count>
<list>
<SearchList>
<id>3496175669</id>
</SearchList>
<SearchList>
<id>3496165669</id>
</SearchList>
</list>
</excludedSearchLists>
</detection>
<comments>
<count>1</count>
<list>
<Comment>
<contents>
<![CDATA[Some Comment]]>
</contents>
</Comment>
</list>
</comments>
<sensitiveContent>
<creditCardNumber>false</creditCardNumber>
<socialSecurityNumber>false</socialSecurityNumber>
<customContents>zip code</customContents>
</sensitiveContent>
<createdDate>2017-09-08T22:31:06Z</createdDate>
<createdBy>
<id>8792415669</id>
<username>user_cindy</username>
<firstName>
<![CDATA[Cindy]]>
</firstName>
<lastName>
<![CDATA[Green]]>
</lastName>
</createdBy>
<updatedDate>2017-09-08T22:31:07Z</updatedDate>
<updatedBy>
<id>8792415669</id>
<username>user_cindy</username>
<firstName>
<![CDATA[Cindy]]>
</firstName>
<lastName>
<![CDATA[Green]]>
</lastName>
</updatedBy>
</OptionProfile>
</data>
</ServiceResponse>
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST"--data-binary@-"<qualys_base_url>/qps/rest/3.0/create/was/optionprofile/" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<data>
<OptionProfile>
<name>
<![CDATA[My OP - with no threshold specified]]>
</name>
<timeoutErrorThreshold>0</timeoutErrorThreshold>
<unexpectedErrorThreshold>0</unexpectedErrorThreshold>
</OptionProfile>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>453133</id>
<name>
<![CDATA[My OP - with no threshold specified]]>
</name>
<owner>
<id>4354</id>
<username>user_amy</username>
<firstName>
<![CDATA[Amy]]>
</firstName>
<lastName>
<![CDATA[Kim]]>
</lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags>
<formSubmission>BOTH</formSubmission>
<maxCrawlRequests>300</maxCrawlRequests>
<parameterSet>
<id>0</id>
<name>
<![CDATA[Initial Parameters]]>
</name>
</parameterSet>
<ignoreBinaryFiles>false</ignoreBinaryFiles>
<performance>LOW</performance>
<bruteforceOption>MINIMAL</bruteforceOption>
<comments>
<count>0</count>
</comments>
<sensitiveContent>
<creditCardNumber>false</creditCardNumber>
<socialSecurityNumber>false</socialSecurityNumber>
</sensitiveContent>
<createdDate>2017-11-07T01:29:24Z</createdDate>
<createdBy>
...
Want to use SmartScan? This feature must be enabled for your subscription. We can help you with this quickly - just contact your Technical Account Manager or Qualys Support.
API request
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>453133</id>
<name>
<![CDATA[My OP - with no threshold specified]]>
</name>
<owner>
<id>4354</id>
<username>user_amy</username>
<firstName>
<![CDATA[Amy]]>
</firstName>
<lastName>
<![CDATA[Kim]]>
</lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags>
<formSubmission>BOTH</formSubmission>
<maxCrawlRequests>300</maxCrawlRequests>
<parameterSet>
<id>0</id>
<name>
<![CDATA[Initial Parameters]]>
</name>
</parameterSet>
<ignoreBinaryFiles>false</ignoreBinaryFiles>
<performance>LOW</performance>
<bruteforceOption>MINIMAL</bruteforceOption>
<comments>
<count>0</count>
</comments>
<sensitiveContent>
<creditCardNumber>false</creditCardNumber>
<socialSecurityNumber>false</socialSecurityNumber>
</sensitiveContent>
<createdDate>2017-11-07T01:29:24Z</createdDate>
<createdBy>
...
Request POST data
<ServiceRequest>
<data>
<OptionProfile>
<name>
<![CDATA[My OP - with no threshold specified]]>
</name>
<timeoutErrorThreshold>0</timeoutErrorThreshold>
<unexpectedErrorThreshold>0</unexpectedErrorThreshold>
</OptionProfile>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>453133</id>
<name>
<![CDATA[My OP - with no threshold specified]]>
</name>
<owner>
<id>4354</id>
<username>user_amy</username>
<firstName>
<![CDATA[Amy]]>
</firstName>
<lastName>
<![CDATA[Kim]]>
</lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags>
<formSubmission>BOTH</formSubmission>
<maxCrawlRequests>300</maxCrawlRequests>
<parameterSet>
<id>0</id>
<name>
<![CDATA[Initial Parameters]]>
</name>
</parameterSet>
<ignoreBinaryFiles>false</ignoreBinaryFiles>
<performance>LOW</performance>
<bruteforceOption>MINIMAL</bruteforceOption>
<comments>
<count>0</count>
</comments>
<sensitiveContent>
<creditCardNumber>false</creditCardNumber>
<socialSecurityNumber>false</socialSecurityNumber>
</sensitiveContent>
<createdDate>2017-11-07T01:29:24Z</createdDate>
<createdBy>
...
Create a new option profile with the name “My Option Profile” to include action URI. The default option profile settings are assigned automatically.
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST"--data-binary@-
"<qualys_base_url>/qps/rest/3.0/create/was/optionprofile/" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<data>
<OptionProfile>
<name>My Option Profile</name>
<smartScanSupport>true</smartScanSupport>
<smartScanDepth>10</smartScanDepth>
</OptionProfile>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>467333</id>
<name>
<![CDATA[My Option Profile]]>
</name>
<owner>
<id>4354</id>
<username>user_aril</username>
<firstName>
<![CDATA[Ari]]>
</firstName>
<lastName>
<![CDATA[Smith]]>
</lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags>
<formSubmission>BOTH</formSubmission>
<maxCrawlRequests>300</maxCrawlRequests>
<timeoutErrorThreshold>100</timeoutErrorThreshold>
<unexpectedErrorThreshold>300</unexpectedErrorThreshold>
<parameterSet>
<id>15601</id>
<name>
<![CDATA[Test Paramset]]>
</name>
</parameterSet>
<ignoreBinaryFiles>false</ignoreBinaryFiles>
<smartScanSupport>true</smartScanSupport>
<smartScanDepth>10</smartScanDepth>
<performance>LOW</performance>
<bruteforceOption>MINIMAL</bruteforceOption>>
...
Create a new option profile and associate pre-defined detection categories with Option Profile.
Element |
Description |
detectionCategory={Keyword} |
We now support the following new detection categories in your option profile: --XSS, in request header --Denial of Service --XSS --Path-Related vulnerabilities --OWASP Top 10 (2017) --Authentication & Session Management --Cross-Site Request Forgery --XML External Entity (XXE) vulnerabilities --Flash-Related vulnerabilities --Information Disclosure --SQL Injection --Clickjacking --SQL Injection, in request header --CMS identification (type, version, and plugins) --Apache vulnerabilities (Struts & other) --Uncategorized --CMS vulnerabilities --Open Redirect |
Note: <detectionCategories> is mutually exclusive with <includedSearchLists> and <excludedSearchLists>. |
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml"-X "POST"--data-binary @-
"<qualys_base_url>/qps/rest/3.0/create/was/optionprofile" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<data>
<OptionProfile>
<name>sample option profile with detection category</name>
<detection>
<detectionCategories>
<set>
<DetectionCategory>
<name>Denial of Service</name>
</DetectionCategory>
</set>
</detectionCategories>
</detection>
</OptionProfile>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchemainstance"
xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd
/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<count>1</count>
<data>
<OptionProfile>
<id>305785</id>
<name>
<![CDATA[Sample option profile with detection category]]>
</name>
<owner>
<id>2501086</id>
<username>user_john</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</owner>
...
<detection>
<detectionCategories>
<count>1</count>
<set>
<DetectionCategory>
<id>154</id>
<name>Denial of Service</name>
</DetectionCategory>
</set>
</detectionCategories>
</detection>
<comments>
<count>0</count>
</comments>
...
</OptionProfile>
</data>
</ServiceResponse>
You can execute specialized scan that performs comprehensive tests for cross-site scripting vulnerabilities using the new option profile with XSS Power Mode detection scope that we have introduced. The detection scope performs tests using the standard XSS payloads, which detect the most common instances of XSS, but also with additional payloads that can identify XSS in certain, less-common situations. Running a scan with option profile that has XSS Power Mode detection scope will provide the best assurance that your web application is free from XSS vulnerabilities.
To launch a scan in the XSS power mode, you need to set the <xssPowerMode> element to true under <detection> element.
Note: The includedSearchLists/excludeSearchLists, detectionCategories, xssPowerMode elements are mutually exclusive elements. Thus, you can set only one of the elements. under detection element.
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --databinary@- "<qualys_base_url>/qps/rest/3.0/create/was/optionprofile" < file.xml Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<data>
<OptionProfile>
<name>Sample Option Profile With XSS</name>
<detection>
<xssPowerMode>true</xssPowerMode>
</detection>
</OptionProfile>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>1045129</id>
<name>
<![CDATA[Launch XSS Power Mode Scan]]>
</name>
<owner>
<id>412791</id>
<username>user_john</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags>
<formSubmission>BOTH</formSubmission>
<maxCrawlRequests>300</maxCrawlRequests>
<timeoutErrorThreshold>100</timeoutErrorThreshold>
<unexpectedErrorThreshold>300</unexpectedErrorThreshold>
<parameterSet>
<id>0</id>
<name>
<![CDATA[Initial Parameters]]>
</name>
</parameterSet>
<ignoreBinaryFiles>false</ignoreBinaryFiles>
<includeActionUriInFormId>false</includeActionUriInFormId>
<smartScanSupport>false</smartScanSupport>
<performance>LOW</performance>
<bruteforceOption>MINIMAL</bruteforceOption>
<detection>
<xssPowerMode>true</xssPowerMode>
</detection>
<comments>
<count>0</count>
</comments>
<sensitiveContent>
<creditCardNumber>false</creditCardNumber>
<socialSecurityNumber>false</socialSecurityNumber>
</sensitiveContent>
<createdDate>2018-07-25T03:45:12Z</createdDate>
<createdBy>
<owner>
<id>412791</id>
<username>user_john</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</owner>
</createdBy>
<updatedDate>2018-07-25T03:45:12Z</updatedDate>
<updatedBy>
<owner>
<id>412791</id>
<username>user_john</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</owner>
</updatedBy>
</OptionProfile>
</data>
</ServiceResponse>
You can enable comprehensive tests for cross-site scripting vulnerabilities to be executed during our standard scan using the new parameter in option profile. The comprehensive tests includes XSS with exhaustive set of payloads including set of standard payloads. Running a scan with XSS payloads option enabled in the detection scope of standard scan will provide the best assurance that your web application is free from XSS vulnerabilities. However, enabling this option leads to significant increase in the scan time.
Element |
Description |
enableXssPayloads |
(boolean) A flag to indicate if XSS payloads should be enabled or disabled during the scan. If the flag is set to true, comprehensive tests for cross-site scripting vulnerabilities are executed during the scan. Example: <detection> <detectionScope>CORE</detectionScope> <enableXssPayloads>true</enableXssPayloads> </detection> |
Let us create an option profile to launch a standard scan with comprehensive tests for cross-site scripting vulnerabilities enabled.
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --databinary@- "<qualys_base_url>/qps/rest/3.0/create/was/optionprofile" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<data>
<OptionProfile>
<name>Sample Option Profile With XSS Payloads</name>
<detection>
<detectionScope>CORE</detectionScope>
<enableXssPayloads>true</enableXssPayloads>
</detection>
</OptionProfile>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>81333</id>
<name>
<![CDATA[Launch Scan with XSS Payloads enabled]]>
</name>
<owner>
<id>412791</id>
<username>user_john</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags>
<formSubmission>BOTH</formSubmission>
<maxCrawlRequests>300</maxCrawlRequests>
<timeoutErrorThreshold>100</timeoutErrorThreshold>
<unexpectedErrorThreshold>300</unexpectedErrorThreshold>
<parameterSet>
<id>0</id>
<name>
<![CDATA[Initial Parameters]]>
</name>
</parameterSet>
<ignoreBinaryFiles>false</ignoreBinaryFiles>
<includeActionUriInFormId>false</includeActionUriInFormId>
<enhancedCrawling>false</enhancedCrawling>
<smartScanSupport>false</smartScanSupport>
<performance>LOW</performance>
<bruteforceOption>MINIMAL</bruteforceOption>
<detection>
<detectionScope>CORE</detectionScope>
<enableXssPayloads>true</enableXssPayloads>
</detection>
<comments>
<count>0</count>
</comments>
<sensitiveContent>
<creditCardNumber>false</creditCardNumber>
<socialSecurityNumber>false</socialSecurityNumber>
</sensitiveContent>
<createdDate>2019-10-04T11:11:59Z</createdDate>
<createdBy>
<owner>
<id>412791</id>
<username>user_john</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</owner>
</createdBy>
<updatedDate>2018-07-25T03:45:12Z</updatedDate>
<updatedBy>
<owner>
<id>412791</id>
<username>user_john</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</owner>
</updatedBy>
</OptionProfile>
</data>
</ServiceResponse>
You can define your custom scan intensity in the option profile and thus control the scan performance accordingly to your configured settings. Using our new parameter <customperformance> you can further configure the number of threads to be used to scan each host and the delay between requests.
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --databinary@- "<qualys_base_url>/qps/rest/3.0/create/was/optionprofile" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<data>
<OptionProfile>
<name>
<![CDATA[Option Profile with Custom Scan Intensity]]>
</name>
<customPerformance>
<numOfHttpThreads>5</numOfHttpThreads>
<delayBetweenRequests>100</delayBetweenRequests>
</customPerformance>
</OptionProfile>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>1608560</id>
<name>
<![CDATA[Option Profile with Custom Scan Intensity]]>
</name>
…
<smartScanSupport>false</smartScanSupport>
<customPerformance>
<numOfHttpThreads>5</numOfHttpThreads>
<delayBetweenRequests>100</delayBetweenRequests>
</customPerformance>
<bruteforceOption>MINIMAL</bruteforceOption>
…
</OptionProfile>
</data>
</ServiceResponse>
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --databinary@- "<qualys_base_url>/qps/rest/3.0/create/was/optionprofile" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<data>
<OptionProfile>
<name>
<![CDATA[Sample Option Profile]]>
</name>
<enhancedCrawling>true</enhancedCrawling>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>78110</id>
<name>
<![CDATA[Sample Option Profile]]>
</name>
<owner>
<id>337590</id>
<username>user_john</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags>
<formSubmission>BOTH</formSubmission>
<maxCrawlRequests>300</maxCrawlRequests>
<timeoutErrorThreshold>100</timeoutErrorThreshold>
<unexpectedErrorThreshold>300</unexpectedErrorThreshold>
<parameterSet>
<id>0</id>
<name>
<![CDATA[Initial Parameters]]>
</name>
</parameterSet>
<ignoreBinaryFiles>false</ignoreBinaryFiles>
<includeActionUriInFormId>false</includeActionUriInFormId>
<enhancedCrawling>true</enhancedCrawling>
<smartScanSupport>false</smartScanSupport>
<performance>LOW</performance>
<bruteforceOption>MINIMAL</bruteforceOption>
<detection/>
<comments>
<count>0</count>
</comments>
...
</lastName>
</updatedBy>
</OptionProfile>undefined</data>undefined</ServiceResponse>
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --databinary@- "<qualys_base_url>/qps/rest/3.0/create/was/optionprofile" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<data>
<OptionProfile>
<name>
<![CDATA[Sample Option Profile]]>
</name>
<detection>
<detectionScope>EVERYTHING</detectionScope>
</detection>
</OptionProfile>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>78744</id>
<name>
<![CDATA[Sample Option Profile]]>
</name>
<owner>
<id>337590</id>
<username>user_john</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags>
<formSubmission>BOTH</formSubmission>
<maxCrawlRequests>300</maxCrawlRequests>
<timeoutErrorThreshold>100</timeoutErrorThreshold>
<unexpectedErrorThreshold>300</unexpectedErrorThreshold>
<parameterSet>
<id>0</id>
<name>
<![CDATA[Initial Parameters]]>
</name>
</parameterSet>
<ignoreBinaryFiles>false</ignoreBinaryFiles>
<includeActionUriInFormId>false</includeActionUriInFormId>
<enhancedCrawling>false</enhancedCrawling>
<smartScanSupport>false</smartScanSupport>
<performance>LOW</performance>
<bruteforceOption>MINIMAL</bruteforceOption>
<detection>
<detectionScope>EVERYTHING</detectionScope>
</detection>
<comments>
<count>0</count>
</comments>
...
</updatedBy>
</OptionProfile>
</data>undefined</ServiceResponse>
You can execute specialized scan that performs tests for SSL/TLS and Certificate related vulnerabilities using the option profile with SSL/TLS and Certificate category configured in the API request.
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --databinary@- "<qualys_base_url>/qps/rest/3.0/create/was/optionprofile" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<data>
<OptionProfile>
<name>
<![CDATA[Option Profile with SSL data]]>
</name>
<detection>
<detectionCategories>
<set>
<DetectionCategory>
<name>SSL/TLS and Certificate issues</name>
</DetectionCategory>
</set>
</detectionCategories>
</detection>
</OptionProfile>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>897483</id>
<name>
<![CDATA[My Option Profile - SSL data]]>
</name>
<owner>
<id>412791</id>
<username>user_john</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags>
...
<detection>
<detectionCategories>
<count>1</count>
<list>
<DetectionCategory>
<id>152</id>
<name>SSL/TLS and Certificate issues</name>
</DetectionCategory>
</list>
</detectionCategories>
<enableXssPayloads>false</enableXssPayloads>
</detection>
...
</OptionProfile>
</data>
</ServiceResponse>
<platform API server>/qps/xsd/3.0/was/optionprofile.xsd