A web application is a configuration in your account. Once created, a user can select the web application as the target of a web application scan.
Permissions required - User must have WAS module enabled. User account must have these permissions: Access Permission “API Access” and WAS Asset Permission “Create Web Asset”. The output includes web applications in the user's scope. If you want to add postman collection files, you must have the 'ENABLE_POSTMAN_COLLECTION' option enabled for your account. If this option is not enabled, contact Qualys Support to enable this option.
These elements are optional and act as filters. When multiple elements are specified, parameters are combined using a logical AND. Click here for descriptions of <WebApp> elements.
Click here for available operators
When only “name” and “url” are specified:
- Scope defaults to ALL. The scanner will crawl all directories and sub-directories of the starting URL.
- No default option profile is specified. An option profile must be specified for each scan.
- No authentication records are defined. No form or server authentication will be performed.
- No blacklists or whitelists are defined. All directories and sub-directories of the starting URL will be scanned.
Let us create a new web application called “My Web Application” that has the starting URL “http://mywebapp.com”. The default web application settings are assigned automatically.
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @-
"<qualys_base_url>/qps/rest/3.0/create/was/webapp/" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<data>
<WebApp>
<name>
<![CDATA[My Web Application]]>
</name>
<url>
<![CDATA[http://mywebapp.com]]>
</url>
</WebApp>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<WebApp>
<id>1912949</id>
<name>
<![CDATA[My Web Application]]>
</name>
<url>
<![CDATA[http://mywebapp.com]]]>
</url>
<owner>
<id>45941</id>
<username>username</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Smith]]>
</lastName>
</owner>
<scope>ALL</scope>
<attributes>
<count>0</count>
</attributes>
<defaultScanner>
<type>EXTERNAL</type>
</defaultScanner>
<scannerLocked>false</scannerLocked>
<urlBlacklist>
<count>0</count>
</urlBlacklist>
<urlWhitelist>
<count>0</count>
</urlWhitelist>
<postDataBlacklist>
<count>0</count>
</postDataBlacklist>
<authRecords>
<count>0</count>
</authRecords>
<useRobots>IGNORE</useRobots>
<useSitemap>false</useSitemap>
<malwareMonitoring>false</malwareMonitoring>
<tags>
<count>0</count>
</tags>
<comments>
<count>0</count>
</comments>
<isScheduled>false</isScheduled>
<createdBy>
<id>45941</id>
<username>username</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Smith]]>
</lastName>
</createdBy>
<createdDate>2017-10-18T18:26:40Z</createdDate>
<updatedBy>
<id>45941</id>
<username>username</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Smith]]>
</lastName>
</updatedBy>
<updatedDate>2017-10-18T18:26:40Z</updatedDate>
</WebApp>
</data>
</ServiceResponse>
Let us create a new web application called “My Web Application” that has the starting URL “http://mywebapp.com” and has 1 authentication record.
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @-
"<qualys_base_url>/qps/rest/3.0/create/was/webapp/" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<data>
<WebApp>
<name>
<![CDATA[My Web Application]]>
</name>
<url>
<![CDATA[http://mywebapp.com]]>
</url>
<authRecords>
<set>
<WebAppAuthRecord>
<id>77350</id>
</WebAppAuthRecord>
</set>
</authRecords>
</WebApp>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<WebApp>
<id>1929030</id>
<name>
<![CDATA[My Web Application]]>
</name>
<url>
<![CDATA[http://mywebapp.com]]]>
</url>
<owner>
<id>45941</id>
<username>username</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Smith]]>
</lastName>
</owner>
<scope>ALL</scope>
<attributes>
<count>0</count>
</attributes>
<defaultScanner>
<type>EXTERNAL</type>
</defaultScanner>
<scannerLocked>false</scannerLocked>
<urlBlacklist>
<count>0</count>
</urlBlacklist>
<urlWhitelist>
<count>0</count>
</urlWhitelist>
<postDataBlacklist>
<count>0</count>
</postDataBlacklist>
<authRecords>
<count>1</count>
<list>
<WebAppAuthRecord>
<id>77350</id>
<name>
<![CDATA[My Authentication Record]]>
</name>
</WebAppAuthRecord>
</list>
<useRobots>IGNORE</useRobots>
...
</WebApp>
</data>
</ServiceResponse>
Let us create a new web application with the name “My Web Application” and the starting URL “http://www.example.com”. The web application is assigned custom settings as defined in the request POST data.
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @-"<qualys_base_url>/qps/rest/3.0/create/was/webapp/" < file.xml
Note: “file.xml” contains the request POST data.Request POST data
<ServiceRequest>
<data>
<WebApp>
<name>
<![CDATA[My Web Application]]>
</name>
<url>
<![CDATA[http://www.example.com]]>
</url>
<scope>DOMAINS</scope>
<domains>
<set>
<Domain>
<![CDATA[corp2.ab.myapp.com]]>
</Domain>
<Domain>
<![CDATA[corp1.myapp.com]]>
</Domain>
</set>
</domains>
<uris>
<set>
<Url>
<![CDATA[http://corp1.myapp.com]]>
</Url>
<Url>
<![CDATA[http://corp1.myapp.com/]]>
</Url>
<Url>
<![CDATA[https://corp1.myapp.com]]>
</Url>
<Url>
<![CDATA[https://corp1.myapp.com/]]>
</Url>
<Url>
<![CDATA[https://corp1.myapp.com:443]]>
</Url>
<Url>
<![CDATA[https://corp1.myapp.com:443/]]>
</Url>
<Url>
<![CDATA[http://corp1.myapp.com:8080/]]>
</Url>
<Url>
<![CDATA[http://corp1.myapp.com/startingUri]]>
</Url>
<Url>
<![CDATA[http://corp1.myapp.com/startingUri?]]>
</Url>
<Url>
<![CDATA[http://corp1.myapp.com/startingUri?param=true]]>
</Url>
<Url>
<![CDATA[http://corp1.myapp.com/startingUri?param=true¶m2=false]]>
</Url>
<Url>
<![CDATA[http://corp1.myapp.com/otherUri]]>
</Url>
<Url>
<![CDATA[http://corp1.myapp.com/otherUri?param=1]]>
</Url>
<Url>
<![CDATA[http://corp2.ab.myapp.com]]>
</Url>
<Url>
<![CDATA[http://corp2.ab.myapp.com/]]>
</Url>
<Url>
<![CDATA[https://corp2.ab.myapp.com]]>
</Url>
<Url>
<![CDATA[https://corp2.ab.myapp.com/]]>
</Url>
<Url>
<![CDATA[https://corp2.ab.myapp.com:443]]>
</Url>
<Url>
<![CDATA[https://corp2.ab.myapp.com:443/]]>
</Url>
<Url>
<![CDATA[http://corp2.ab.myapp.com:8080/]]>
</Url>
<Url>
<![CDATA[http://corp2.ab.myapp.com/startingUri]]>
</Url>
<Url>
<![CDATA[http://corp2.ab.myapp.com/startingUri?]]>
</Url>
<Url>
<![CDATA[http://corp2.ab.myapp.com/startingUri?param=true]]>
</Url>
<Url>
<![CDATA[http://corp2.ab.myapp.com:443/startingUri?param=true¶m2=false]]>
</Url>
<Url>
<![CDATA[https://corp2.ab.myapp.com:8080/otherUri]]>
</Url>
<Url>
<![CDATA[https://corp2.ab.myapp.com/otherUri?param=1]]>
</Url>
<Url>
<![CDATA[https://corp2.ab.myapp.com/otherUri?param=1]]>
</Url>
</set>
</uris>
<tags>
<set>
<Tag>
<id>217118</id>
</Tag>
<Tag>
<id>152743</id>
</Tag>
<Tag>
<id>216368</id>
</Tag>
<Tag>
<id>153442</id>
</Tag>
</set>
</tags>
<defaultProfile>
<id>90212</id>
</defaultProfile>
<defaultScanner>
<type>INTERNAL</type>
<friendlyName>
<![CDATA[friendlyname]]>
</friendlyName>
</defaultScanner>
<dnsOverrides>
<set>
<DnsOverride>
<id>2022</id>
</DnsOverride>
</set>
</dnsOverrides>
<useRobots>BLACKLIST</useRobots>
<useSitemap>true</useSitemap>
<headers>
<set>
<WebAppHeader>
<![CDATA[some headers]]>
</WebAppHeader>
</set>
</headers>
<urlBlacklist>
<set>
<UrlEntry regex="true">
<![CDATA[http://rg.blacklist.*.qa.myapp.com]]>
</UrlEntry>
<UrlEntry regex="true">
<![CDATA[http://rg.blacklist.*?]]>
</UrlEntry>
<UrlEntry>
<![CDATA[http://url.blacklist.2.ab.myapp.com]]>
</UrlEntry>
<UrlEntry regex="false">
<![CDATA[http://url.blacklist.3.qa.myapp.com]]>
</UrlEntry>
</set>
</urlBlacklist>
<urlWhitelist>
<set>
<UrlEntry regex="true">
<![CDATA[http://rg.whitelist.*.qa.myapp.com]]>
</UrlEntry>
<UrlEntry regex="true">
<![CDATA[http://rg.whitelist.*?]]>
</UrlEntry>
<UrlEntry>
<![CDATA[http://url.whitelist.2.ab.myapp.com]]>
</UrlEntry>
<UrlEntry regex="false">
<![CDAT
[http://url.whitelist.3.ab.myapp.com]]>
</UrlEntry>
</set>
</urlWhitelist>
<postDataBlacklist>
<set>
<UrlEntry regex="true">
<![CDATA
[http://rg.postdatblacklist.*.ab.myapp.com]]>
</UrlEntry>
<UrlEntry regex="true">
<![CDATA[http://rg.postdatblacklist.*?]]>
</UrlEntry>
</set>
</postDataBlacklist>
<comments>
<set>
<Comment>
<contents>
<![CDATA[some additional comments]]>
</contents>
</Comment>
</set>
</comments>
</WebApp>
</data>
</ServiceRequest>XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<WebApp>
<id>1912750</id>
<name>
<![CDATA[My Web Application]]>
</name>
<url>
<![CDATA[http://www.example.com]]>
</url>
<owner>
<id>45941</id>
<username>username</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Smith]]>
</lastName>
</owner>
<scope>DOMAINS</scope>
<domains>
<count>2</count>
<list>
<Domain>
<![CDATA[corp1.myapp.com]]>
</Domain>
<Domain>
<![CDATA[corp2.ab.myapp.com]]>
</Domain>
</list>
</domains>
<uris>
<count>26</count>
<list>
<Url>
<![CDATA[https://corp2.ab.myapp.com]]>
</Url>
<Url>
<![CDATA[http://corp1.myapp.com/otherUri?param=1]]>
</Url>
<Url>
<![CDATA[http://corp1.myapp.com/]]>
</Url>
<Url>
<![CDATA[https://corp1.myapp.com]]>
</Url>
<Url>
<![CDATA[http://corp1.myapp.com/startingUri?]]>
</Url>
<Url>
<![CDATA[https://corp2.ab.myapp.com:443/]]>
</Url>
<Url>
<![CDATA[https://corp2.ab.myapp.com/otherUri?param=1]]>
</Url>
<Url>
<![CDATA[https://corp1.myapp.com:443/]]>
</Url>
<Url>
<![CDATA[http://corp2.ab.myapp.com/startingUri?param=true]]>
</Url>
<Url>
<![CDATA[http://corp2.ab.myapp.com:8080/]]>
</Url>
<Url>
<![CDATA[http://corp1.myapp.com/otherUri]]>
</Url>
<Url>
<![CDATA[http://corp1.myapp.com/startingUri?param=true¶m2=false]]>
</Url>
<Url>
<![CDATA[http://corp1.myapp.com]]>
</Url>
<Url>
<![CDATA[http://corp1.myapp.com/startingUri?param=true]]>
</Url>
<Url>
<![CDATA[http://corp2.ab.myapp.com]]>
</Url>
<Url>
<![CDATA[https://corp2.ab.myapp.com/]]>
</Url>
<Url>
<![CDATA[http://corp2.ab.myapp.com/]]>
</Url>
<Url>
<![CDATA[https://corp2.ab.myapp.com:443]]>
</Url>
<Url>
<![CDATA[http://corp1.myapp.com/startingUri]]>
</Url>
<Url>
<![CDATA[https://corp1.myapp.com:443]]>
</Url>
<Url>
<![CDATA[http://corp2.ab.myapp.com/startingUri]]>
</Url>
<Url>
<![CDATA[http://corp1.myapp.com:8080/]]>
</Url>
<Url>
<![CDATA[https://corp2.ab.myapp.com:8080/otherUri]]>
</Url>
<Url>
<![CDATA[https://corp1.myapp.com/]]>
</Url>
<Url>
<![CDATA[http://corp2.ab.myapp.com/startingUri?]]>
</Url>
<Url>
<![CDATA[http://corp2.ab.myapp.com:443/startingUri?param=true¶m2=false]]>
</Url>
</list>
</uris>
<defaultProfile>
<id>90212</id>
<name>
<![CDATA[Initial WAS Options]]>
</name>
</defaultProfile>
<defaultScanner>
<type>INTERNAL</type>
<friendlyName>
<![CDATA[friendlyname]]>
</friendlyName>
</defaultScanner>
<scannerLocked>false</scannerLocked>
<dnsOverrides>
<set>
<DnsOverride>
<id>2022</id>
</DnsOverride>
</set>
</dnsOverrides>
<urlBlacklist>
<count>4</count>
<list>
<UrlEntry regex="false">
<![CDATA[http://url.blacklist.2.ab.myapp.com]]>
</UrlEntry>
<UrlEntry regex="false">
<![CDATA[http://url.blacklist.3.ab.myapp.com]]>
</UrlEntry>
<UrlEntry regex="true">
<![CDATA[http://rg.blacklist.*.ab.myapp.com]]>
</UrlEntry>
<UrlEntry regex="true">
<![CDATA[http://rg.blacklist.*?]]>
</UrlEntry>
</list>
</urlBlacklist>
<urlWhitelist>
<count>4</count>
<list>
<UrlEntry regex="true">
<![CDATA[http://rg.whitelist.*.ab.myapp.com]]>
</UrlEntry>
<UrlEntry regex="true">
<![CDATA[http://rg.whitelist.*?]]>
</UrlEntry>
<UrlEntry regex="false">
<![CDATA[http://url.whitelist.2.ab.myapp.com]]>
</UrlEntry>
<UrlEntry regex="false">
<![CDATA[http://url.whitelist.3.ab.myapp.com]]>
</UrlEntry>
</list>
</urlWhitelist>
<postDataBlacklist>
<count>2</count>
<list>
<UrlEntry regex="true">
<![CDATA[http://rg.postdatblacklist.*.ab.myapp.com]]>
</UrlEntry>
<UrlEntry regex="true">
<![CDATA[http://rg.postdatblacklist.*?]]>
</UrlEntry>
</list>
</postDataBlacklist>
<authRecords>
<count>0</count>
</authRecords>
<useRobots>BLACKLIST</useRobots>
<useSitemap>true</useSitemap>
<headers>
<count>1</count>
<list>
<WebAppHeader>
<![CDATA[some headers]]>
</WebAppHeader>
</list>
</headers>
<malwareMonitoring>false</malwareMonitoring>
<tags>
<count>4</count>
<list>
<Tag>
<id>152743</id>
<name>
<![CDATA[Asset Groups]]>
</name>
</Tag>
<Tag>
<id>217118</id>
<name>
<![CDATA[AUG 27]]>
</name>
</Tag>
<Tag>
<id>153442</id>
<name>
<![CDATA[Malware Domain Assets]]>
</name>
</Tag>
<Tag>
<id>216368</id>
<name>
<![CDATA[Asset name rule]]>
</name>
</Tag>
</list>
</tags>
<comments>
<count>1</count>
<list>
<Comment>
<contents>
<![CDATA[some additional comments]]>
</contents>
<createdDate>2017-10-18T17:57:32Z</createdDate>
</Comment>
</list>
</comments>
<isScheduled>false</isScheduled>
<createdBy>
<id>45941</id>
<username>username</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Smith]]>
</lastName>
</createdBy>
<createdDate>2017-10-18T17:57:32Z</createdDate>
<updatedBy>
<id>45941</id>
<username>username</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Smith]]>
</lastName>
</updatedBy>
<updatedDate>2017-10-18T17:57:32Z</updatedDate>
</WebApp>
</data>
</ServiceResponse>
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "<qualys_base_url>/qps/rest/3.0/create/was/webapp/" < file.xml
Note: “file.xml” contains the request POST data.Request POST data
<ServiceRequest>
<data>
<WebApp>
<name>
<![CDATA[Custom Attribute via API]]>
</name>
<url>
<![CDATA[http://funkytown.vuln.qa.qualys.com:80/updated_web_app_name/]]>
</url>
<attributes>
<set>
<Attribute>
<name>Custom key 1</name>
<value>
<![CDATA[Custom value 1]]>
</value>
</Attribute>
</set>
</attributes>
</WebApp>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<WebApp>
<id>2514680</id>
<name>
<![CDATA[Custom Attribute via API]]>
</name>
<url>
<![CDATA[http://funkytown.vuln.qa.qualys.com:80/updated_web_app_name/]]>
</url>
<owner>
<id>4354</id>
<username>user_steve</username>
<firstName>
<![CDATA[Steve]]>
</firstName>
<lastName>
<![CDATA[Smith]]>
</lastName>
</owner>
<scope>ALL</scope>
<attributes>
<count>1</count>
<list>
<Attribute>
<name>
<![CDATA[Custom key 1]]>
</name>
<value>
<![CDATA[Custom value 1]]>
</value>
</Attribute>
</list>
</attributes>
<defaultScanner>
<type>EXTERNAL</type>
</defaultScanner>
<scannerLocked>false</scannerLocked>
<progressiveScanning>ENABLED</progressiveScanning>
<urlBlacklist>
<count>0</count>
</urlBlacklist>
<urlWhitelist>
<count>0</count>
</urlWhitelist>
<postDataBlacklist>
<count>0</count>
</postDataBlacklist>
<authRecords>
<count>0</count>
</authRecords>
<dnsOverrides>
<count>0</count>
</dnsOverrides>
<useRobots>IGNORE</useRobots>
<useSitemap>false</useSitemap>
<malwareMonitoring>false</malwareMonitoring>
<tags>
<count>0</count>
</tags>
<comments>
<count>0</count>
</comments>
<isScheduled>false</isScheduled>
<createdBy>
<id>4354</id>
<username>user_steve</username>
<firstName>
<![CDATA[Steve]]>
</firstName>
<lastName>
<![CDATA[Smith]]>
</lastName>
</createdBy>
<createdDate>2017-09-30T00:18:38Z</createdDate>
<updatedBy>
<id>4354</id>
<username>user_steve</username>
<firstName>
<![CDATA[Steve]]>
</firstName>
<lastName>
<![CDATA[Smith]]>
</lastName>
</updatedBy>
<updatedDate>2017-09-30T00:18:38Z</updatedDate>
<config/>
</WebApp>
</data>
</ServiceResponse>
Let us configure the default authentication record while creating or updating the web application. Create a web application with default authentication record ID #9133.
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "<qualys_base_url>/qps/rest/3.0/create/was/webapp/" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<data>
<WebApp>
<name>
<![CDATA[Create webapp with default auth record]]>
</name>
<url>
<![CDATA[http://mywebapp.com]]>
</url>
<scope>ALL</scope>
<scannerLocked>false</scannerLocked>
<useRobots>IGNORE</useRobots>
<useSitemap>false</useSitemap>
<malwareMonitoring>false</malwareMonitoring>
<config>
<defaultAuthRecord>
<id>9133</id>
</defaultAuthRecord>
</config>
</WebApp>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/
was/webapp.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<WebApp>
<id>53040</id>
<name>
<![CDATA[Create webapp with default auth record]]>
</name>
...
<config>
<defaultAuthRecord>
<id>9133</id>
<name>
<![CDATA[WAS-9133]]>
</name>
</defaultAuthRecord>
</config>
</WebApp>
</data>
</ServiceResponse>
Let us create a new web application called “My Web Application” with the starting URL “http://mywebapp.com” and assign a group of scanners using tag Scannerpool (ID 15415353311147). The default web application settings are assigned automatically.
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @-
"<qualys_base_url>/qps/rest/3.0/create/was/webapp/" < file.xml
Note: “file.xml” contains the request POST data.Request POST data
<ServiceRequest>
<data>
<WebApp>
<name>
<![CDATA[My Web Application]]>
</name>
<url>
<![CDATA[http://mywebapp.com]]>
</url>
<defaultScannerTags>
<set>
<Tag>
<id>15415353311147</id>
</Tag>
</set>
</defaultScannerTags>
</WebApp>
</data>
</ServiceRequest>XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/
was/webapp.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<WebApp>
<id>842422</id>
<name>
<![CDATA[My Web Application]>
</name>
<url>
<![CDATA[http://mywebapp.com]]>
</url>
<owner>
<id>337014</id>
<username>user_john</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</owner>
<scope>ALL</scope>
<attributes>
<count>0</count>
</attributes>
<defaultScannerTags>
<count>1</count>
<list>
<Tag>
<id>15415353311147</id>
<name>
<![CDATA[TagForScanner]]>
</name>
</Tag>
</list>
</defaultScannerTags>
<scannerLocked>false</scannerLocked>
<progressiveScanning>DISABLED</progressiveScanning>
<urlBlacklist>
<count>0</count>
</urlBlacklist>
<urlWhitelist>
<count>0</count>
</urlWhitelist>
<postDataBlacklist>
<count>0</count>
</postDataBlacklist>
<logoutRegexList>
<count>0</count>
</logoutRegexList>
<authRecords>
<count>0</count>
</authRecords>
<dnsOverrides>
<count>0</count>
</dnsOverrides>
<useRobots>IGNORE</useRobots>
<useSitemap>false</useSitemap>
<malwareMonitoring>false</malwareMonitoring>
<tags>
<count>0</count>
</tags>
<comments>
<count>0</count>
</comments>
<isScheduled>false</isScheduled>
<createdBy>
<id>337014</id>
<username>user_john</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</createdBy>
<createdDate>2017-01-12T12:03:37Z</createdDate>
<updatedBy>
<id>337014</id>
<username>user_john</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</updatedBy>
<updatedDate>2017-01-12T12:03:37Z</updatedDate>
<config/>
</WebApp>
</data>
</ServiceResponse>Let us create a new web application called “My Web Application” that has the starting URL “http://mywebapp.com” and add selenium script (TestSeleniumScript) to it.
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @-
"<qualys_base_url>/qps/rest/3.0/create/was/webapp/" < file.xml
Note: “file.xml” contains the request POST data.Request POST data
<ServiceRequest>
<data>
<WebApp>
<name>
<![CDATA[My Web Application]]>
</name>
<url>
<![CDATA[http://mywebapp.com]]>
</url>
<crawlingScripts>
<set>
<SeleniumScript>
<name>
<![CDATA[TestSeleniumScript]]>
</name>
<startingUrl>
<![CDATA[http://www.mywebapp.com]]>
</startingUrl>
<data>
<![CDATA[
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html
xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head profile="http://selenium-ide.openqa.org/profiles/test-case">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="selenium.base" href="http://10.10.26.238" />
<title>New Test</title>
</head>
<body>
<table cellpadding="1" cellspacing="1" border="1">
<thead>
<tr>
<td rowspan="1" colspan="3">New Test</td>
</tr>
</thead>
<tbody>
<tr>
<td>open</td>
<td>http://10.10.26.238/</td>
<td></td>
</tr>
<tr>
<td>type</td>
<td>name=login</td>
<td>admin</td>
</tr>
<tr>
<td>type</td>
<td>name=password</td>
<td>abc123</td>
</tr>
<tr>
<td>clickAndWait</td>
<td>name=submit</td>
<td></td>
</tr>
</tbody>
</table>
</body></html>]]>
</data>
<requiresAuthentication>true</requiresAuthentication>
<startingUrlRegex>true</startingUrlRegex>
</SeleniumScript>
</set>
</crawlingScripts>
</WebApp>
</data>
</ServiceRequest> XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/rest/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<WebApp>
<id>937657</id>
<name>
<![CDATA[My Web Application]]>
</name>
<url>
<![CDATA[http://mywebapp.com]]>
</url>
<owner>
<id>337014</id>
<username>john_doe</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</owner>
<scope>ALL</scope>
<attributes>
<count>0</count>
</attributes>
<defaultScanner>
<type>EXTERNAL</type>
</defaultScanner>
<scannerLocked>false</scannerLocked>
<urlBlacklist>
<count>0</count>
</urlBlacklist>
<urlWhitelist>
<count>0</count>
</urlWhitelist>
<postDataBlacklist>
<count>0</count>
</postDataBlacklist>
<logoutRegexList>
<count>0</count>
</logoutRegexList>
<authRecords>
<count>0</count>
</authRecords>
<dnsOverrides>
<count>0</count>
</dnsOverrides>
<useRobots>IGNORE</useRobots>
<useSitemap>false</useSitemap>
<malwareMonitoring>false</malwareMonitoring>
<malwareNotification>false</malwareNotification>
<tags>
<count>0</count>
</tags>
<comments>
<count>0</count>
</comments>
<isScheduled>false</isScheduled>
<createdBy>
<id>337014</id>
<username>john_doe</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</createdBy>
<createdDate>2017-02-06T10:54:00Z</createdDate>
<updatedBy>
<id>337014</id>
<username>john_doe</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</updatedBy>
<updatedDate>2017-02-06T10:54:00Z</updatedDate>
<config/>
<crawlingScripts>
<count>1</count>
<list>
<SeleniumScript>
<id>2500</id>
<name>
<![CDATA[TestSeleniumScript]]>
</name>
<data>
<![CDATA[
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html
xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head profile="http://selenium-ide.openqa.org/profiles/test-case">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="selenium.base" href="http://10.10.26.238" />
<title>New Test</title>
</head>
<body>
<table cellpadding="1" cellspacing="1" border="1">
<thead>
<tr>
<td rowspan="1" colspan="3">New Test</td>
</tr>
</thead>
<tbody>
<tr>
<td>open</td>
<td>http://10.10.26.238/</td>
<td></td>
</tr>
<tr>
<td>type</td>
<td>name=login</td>
<td>admin</td>
</tr>
<tr>
<td>type</td>
<td>name=password</td>
<td>abc123</td>
</tr>
<tr>
<td>clickAndWait</td>
<td>name=submit</td>
<td></td>
</tr>
</tbody>
</table>
</body></html>]]>
</data>
<requiresAuthentication>true
</requiresAuthentication>
<startingUrl>
<![CDATA[http://www.mywebapp.com]]>
</startingUrl>
<startingUrlRegex>true</startingUrlRegex>
</SeleniumScript>
</list>
</crawlingScripts>
</WebApp>
</data>
</ServiceResponse>
The user will be able to set progressiveScanning to true or false, if Progressive Scanning is enabled for the subscription. When Progressive Scanning is enabled for the subscription, if progressiveScanning option is not specified during CREATE request, by default the option will be enabled for the web application.
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @-
"<qualys_base_url>/qps/rest/3.0/create/was/webapp/" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<data>
<WebApp>
<name>
<![CDATA[My Web Application]]>
</name>
<url>
<![CDATA[http://mywebapp.com]]>
</url>
<progressiveScanning>false</progressiveScanning>
</WebApp>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<WebApp>
<id>1912949</id>
<name>
<![CDATA[My Web Application]]>
</name>
<url>
<![CDATA[http://mywebapp.com]]]>
</url>
...
<scannerLocked>false</scannerLocked>
<progressiveScanning>false</progressiveScanning>
...
...If Progressive Scanning is not enabled for the subscription, the <progressiveScanning> element cannot not be provided, otherwise an error will be returned.
XML response (error)
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/webapp.xsd">
<responseCode>INVALID_REQUEST</responseCode>
<responseErrorDetails>
<errorMessage>Progressive scanning is not enabled in your subscription.</errorMessage>
<errorResolution>Please check with your account manager to enable this option.</errorResolution>
</responseErrorDetails>
</ServiceResponse>The user can create a new web application by adding URLs with non-standard TLDs in the domain.
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @-
"<qualys_base_url>/qps/rest/3.0/create/was/webapp/" < file.xml
Note: “file.xml” contains the request POST data.Request POST data
<ServiceRequest>
<data>
<WebApp>
<name>
<![CDATA[TEST_TLDs_latest-1 - API]]>
</name>
<url>
<![CDATA[http://10.11.68.74]]>
</url>
<scope>DOMAINS</scope>
<domains>
<set>
<Domain>
<![CDATA[Afterfix.showtime]]>
</Domain>
</set>
</domains>
</WebApp>
</data>
</ServiceRequest>XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<WebApp>
<id>11713839</id>
<name>
<![CDATA[TEST_TLDs_latest-1 - API]]>
</name>
<url>
<![CDATA[http://10.11.68.74]]>
</url>
<owner>
<id>8296038</id>
<username>user_john</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</owner>
<scope>DOMAINS</scope>
....
</WebApp>
</data>
</ServiceResponse><platform API server>/qps/xsd/3.0/was/webapp.xsd