Use authentication to discover and validate vulnerabilities by performing more in-depth assessment of your web applications. Some web applications require authenticated access to the majority of their functionality. Authenticated scanning can be configured for HTML forms like login pages and server-based authentication (HTTP Basic, Digest, NTLM). Learn more
Identify headers that need to be injected by our scanning service to scan the web application. This option is intended to be used when a workaround is needed for complex authentication schemes or to impersonate a web browser.
Enter header information in the field provided. You can enter a maximum of 131,072 characters.
Enter each header in the format: <header>: <text>.
Multiple headers may be entered. Each header must be on a separate line.
To bypass a complex login form (for example, for multi-step authentication or CAPTCHA), where mwf_login is the session identifier for the application:
Cookie: mwf_login=2-e3b930b2cf6549d0351346d3cf56e9ae
To bypass a complex login form (for example, for multi-step authentication or CAPTCHA), where ASPSESSIONIDAARTTCBQ is the session identifier for the application:
Cookie: ASPSESSIONIDAARTTCBQ=BGHDNEICDKJBGJFMOIAOPLAG
To use a personalized user agent:
User-Agent: Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1A543a Safari/419.3
Some web applications display different information for different user agents. For instance a web application accessed by a mobile device will display light content containing different functionality, links, forms and underlying HTML code. For this reason, the scanning engine may find different vulnerabilities.
To bypass basic authentication:
Authorization: Basic bXl1c2VyOm15cGFzc3dvcmQ=
When a header such as the above is provided, the header basic authentication overrides any authentication record with basic authentication defined.
You can opt to define the target to be scanned: REST APIs (Swagger and non-Swagger based) or Burp Log file.
You can upload the Postman Collection exported file in JSON format and scan the REST APIs for vulnerabilities. Upload the Postman Collection File is mandatory whereas upload of Postman Environmental Variables and Postman Global Variables file is optional.
Upload the Burp log file to tell us which links need to be crawled and tested. You can upload only one Burp file at a time. If you upload a second file, the new file will replace the old file.
Upload the Swagger/OpenAPI file in JSON or YAML format and scan the REST APIs for vulnerabilities. You can upload one Swagger/OpenAPI file at a time. If you upload a second file, the new file will replace the old file. Learn more
Use DNS override records if you want to scan a web applications with multiple instances deployed in different environments. By default we'll use the DNS for the web application URL to crawl the web app and perform scanning. If you select a DNS override record, we'll use the mappings in your record instead. There a few reasons you might want to do this. For example your web application does not have a DNS entry since it's in a non-production environment. Or the web application may have a different IP address in a non-production environment (e.g. development or QA) than in production. Learn more
Redundant links are URLs with distinct paths that are identical. Qualys WAS allows customers to specify fully customizable patterns of redundant links so that a WAS scan won’t spend time crawling and testing duplicate links. You can now specify the patterns corresponding to redundant links, and the max occurrence for each pattern. QID 150140 lists redundant links/URL paths crawled and not crawled. We will report which Redundant Link URLs were matched, crawled, and tested, as well as which URLs were matched but skipped.
Define path fuzzing rules to tell us the components of your web page path that need to be tested.
Guidelines to create path fuzzing rules:
- must start with http:// or https://
- must include parameters
- can include only alphabets, numbers, and special symbols _.-~ in the parameter name
- cannot include blank parenthesis
- cannot include nested parameters {{}}
- cannot include unmatched parenthesis {}}
Example of web page:
http://www.abc.com/issue/17/section/sports/
The web server would read it as:
http://www.abc.com/search.php?issue=17§ion=sports
The path fuzzing rule would be:
http://www.abc.com/issue/{issue}/section/{section}
Defining this rule will ensure that issue and section parameters are fuzzed and we will limit the number of paths that match the same rule because they are redundant.
The Form Training option provides a customized facility to define action URI and add specific form field and its value to be substituted during crawling and fuzzing. It also allows you to override a specific html fields value in the given form.
You can enter * in the 'Action URI' to tell us that the field values should be used for all the forms. If you want to define values for a specific form, enter value of the 'action' attribute of the form in the 'Action URI'.
Select if you want to perform regular checks for malware on your external web site. Malware Monitoring is available for external sites only.
Once enabled we'll automatically run a malware scan within a few hours and after that we'll run a daily scan at the same time (you'll see the schedule within the MDS application). You can define a custom scan start time if you'd like. The web application owner will automatically receive an email notification when a scan detects malware, unless you turn off the notification option by clearing the check box. The malware scan results will be available in the MDS application.
Comments
Enter comments to be saved with the web application.