The APIs tab lets you define and manage your APIs once they are added to your subscription. The Web Application Scanning (WAS) service lets you scan the APIs in your subscription for vulnerabilities and compliance. Your subscription comprises the number of web applications and APIs you have added to your account.
Qualys supports HTTP and HTTPS and assumes ports 80 and 443, respectively, but you can specify another port in your URL. To access your APIs, go to Applications > APIs.
The tab displays the API name, last scanned date, updated date, and tags. It also displays the vulnerability level of the application with the number of open vulnerabilities, and the TruRisk™ score calculated for the APIs, which indicates the level of vulnerability of the API. For details on the TruRisk™ score, see Web Application TruRisk™ Calculation.
WAS discovers unique endpoints from the Swagger file uploaded in the API assets when a vulnerability or compliance scan is performed for an API asset. Click Endpoints to view details of endpoints.
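To preview which endpoints a Swagger file declares before you upload it, the following added Python example (not Qualys code, and not a reproduction of WAS's own discovery logic) lists each unique method-and-path pair in a Swagger 2.0 document and resolves the port implied by its scheme: 80 for HTTP and 443 for HTTPS unless the host names another. The sample document, host name and function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}  # defaults stated on this page
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}

# Constructed Swagger 2.0 document (sample input, not a real API).
SAMPLE_SWAGGER = json.loads("""
{
  "swagger": "2.0",
  "host": "api.example.test",
  "basePath": "/v1",
  "schemes": ["http", "https"],
  "paths": {
    "/users": {"get": {}, "post": {}, "parameters": []},
    "/users/{id}": {"get": {}, "delete": {}}
  }
}
""")

def effective_port(url):
    """Return the explicit port in url, else the default for its scheme."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme: {parts.scheme!r}")
    return parts.port or DEFAULT_PORTS[parts.scheme]

def unique_endpoints(spec):
    """Return sorted unique (METHOD, scheme, port, path) tuples from a spec."""
    base = spec.get("basePath", "").rstrip("/")
    seen = set()
    for scheme in spec.get("schemes", ["https"]):
        port = effective_port(f"{scheme}://{spec['host']}")
        for path, item in spec.get("paths", {}).items():
            for key in item:
                # Path items also hold non-operation keys such as
                # "parameters"; only HTTP methods count as endpoints.
                if key.lower() in HTTP_METHODS:
                    seen.add((key.upper(), scheme, port, base + path))
    return sorted(seen)

if __name__ == "__main__":
    for method, scheme, port, path in unique_endpoints(SAMPLE_SWAGGER):
        print(f"{method:6} {scheme}://{SAMPLE_SWAGGER['host']}:{port}{path}")
```

Comparing this list with the Endpoints view after a scan is a quick way to confirm that the uploaded file covers the API surface you intended to test.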
From the APIs tab, you can:
A) Add a new API. See Add a new API.
B) View API endpoint details. See View API Endpoints.
C) Enter QQL (Qualys Query Language) queries in the search box to search for APIs.
Use either application or detection tokens or both types of tokens in combination to search for applications. To use both application and detection tokens, click the plus icon in the search box. Enter the application tokens to search for applications by their name, severity, authentication record name, and so on. If you want to search for applications for specific detections, click the plus icon, and enter detection tokens. For example, you can find applications that have certain QIDs.
D) Use the left pane filters to search for APIs by severity, last scan status, authentication type, and tags. When you click a filter from the list, the QQL search box will show the filter query, and the tab will list only those assets that meet the filter conditions.
E) Use the Quick Actions menu to perform the following actions on the selected API:
F) Use the Actions menu to perform the following actions on the selected APIs:
G) Use the Group By filter to group the scans by criteria — Severity, API endpoint type, last scan status, vulnerability count, authentication status of last scan, security risk, tags,
H) Use the Search Actions menu to view the recent searches, save search queries added in the search box and manage saved searches.