Explore the KnowledgeBase
Click to view navigation pane

Home

Explore the KnowledgeBase

Our KnowledgeBase of vulnerabilities is the largest and most up to date in the security  industry. Go to the KnowledgeBase to see a complete list of vulnerabilities that can be detected by our security service.

You'll see these vulnerability types:

- Cross-site Scripting Vulnerabilities: Persistent, Reflected, Header, Browser-specific

- SQL Injection Vulnerabilities: Regular and Blind

- Additional vulnerabilities tell you information gathered about each web application during the scan process, such as links crawled, the external links discovered, external form actions discovered, host information, and scan diagnostics

How to search for vulnerabilities

Select KnowledgeBase and navigate to Search results. Enter the search criteria and then click the Search button. You can enter text strings (no wildcards or operators). For example, to search for SQL vulnerabilities, enter "sql" under Search results and then click the Search button.

Search option under knowldgebase tab.

Use filters to find web application vulnerabilities

The KnowledgeBase contains all vulnerability checks provided by our service, including checks for VM scans as well as web application scans. Want to find web application vulnerabilities, the ones we can detect on your web apps? It's easy.

1) Go to the KnowledgeBase.

2) Under Filter Results in the left sidebar, expand Identification and choose Category > Web Application. The filter is applied right away.

Tip - You'll notice "Web Application" in the Category column for all vulnerabilities in the list.

3) You can apply additional filters to refine the list further.

To filter the list for vulnerabilities by severity level, expand Severity Level under Filter Results and choose those severity levels. For example, to search for web application vulnerabilities with confirmed severity level 4 and 5, under Confirmed Severity Level select the check boxes for levels 4 and 5.

How to view vulnerability details

Hover over a row and choose View from the Quick Actions menu. Learn more

What actions can I perform on vulnerabilities?

You can perform the various actions such as edit severity, restore severity, ignore or activate an ignored vulnerability in your KnowledgeBase.

Note: If the actions described here are not available, it means the feature has not been enabled for your subscription. If you want to enable this feature for your subscription, please contact your Qualys Technical Account Manager or Qualys Support and request it.

Permissions NeededPermissions Needed: You need to assign the permission named “Update Knowledgebase” in WAS Remediation Permissions for a user to be able to perform the new  actions that are introduced for vulnerabilities. Show meShow me

 

By default, this permission is assigned only to Manager user. If you want other users to be able to perform the actions, you need to explicitly assign Update KnowledgeBase permission to the user.

If the required permissions are assigned, you can:

-Edit the severity Edit the severity

Go to Knowledgebase, select the QID of the vulnerability and then select Edit Severity from the Actions menu. Slide the slider for Custom Level to the level you want to assign to the selected QID. Add a comment to indicate the change or reason for the change and then click Save.

Slide the slider to define a new severity for the vulnerabiity.

-Restore severityRestore severity

If you have changed the severity of a QID and want to revert it to the Qualys defined severity, select the QID, and select Restore Severity from the Actions menu.

A message is displayed asking confirmation for restoring severity of the QID. Once you confirm, the severity of the QID is restored to the Qualys defined severity.

Quick Action menu to choose Restore Severity for a vulnerability.

-Ignore a vulnerabilityIgnore a vulnerability

You can ignore vulnerabilities so they don't appear as actionable issues in the detections list. Go to Knowledgebase, select the QID and select Ignore from the Actions menu. When you ignore a detection, you'll be prompted to give a reason - false positive, acceptable risk or not applicable. The ignored detection's status label is grayed out in the report and in the Detections list. By default, the detection will not appear in future reports on the same web application or scan, until it is reactivated.

Choose the reason to mark a vulnerability to be ignored.

-Activate a vulnerabilityActivate a vulnerability

If you have marked the vulnerability as Ignore and now want to activate the vulnerability, select the QID, and select Activate from the quick actions menu.

A message is displayed asking confirmation for activating the QID. Once you confirm, the QID is not ignored.

Quick action menu to choose Activate for a vulnerability.

Want to learn more?

Check out: Discovery method | Exploitability | Malware | Configure search lists | Severity levels | Vulnerability categories