New UI of Web Application Scanning (WAS)

This page summarizes enhancements, behavior changes, and known limitations in the new Qualys Web Application Scanning. 

Key Features of New WAS UI

The new WAS presents an enhanced and revamped user interface. The new WAS UI also offers numerous key features that cater to the evolving needs of web application security. 

Redesigned Home page provides you with a comprehensive view of data in your subscription and different functionalities that you can use. 

Integration with Unified Dashboard enables you to create a customizable dashboard with widgets from different modules to get a complete and holistic view of your data and insights across all modules. 

Enhanced QQL support enables you to search data across different fields and combine them with logical operators. It also supports wildcards, ranges, proximity, and grouping. 

Integration with CSAM/EASM: External Attack Surface Management (EASM) continuously identifies and monitors all your assets created by subsidiaries, mergers, and acquisitions, including all your web asset domains and subdomains. With the inventory of web servers, CSAM users can easily enable web application scanning of their critical web assets.

Redefined Risk Prioritization: With a TruRisk™ score calculated for each web application, you can identify and prioritize the web assets for performing scans. 

CISA Known Exploitable Vulnerability Identification helps you identify and assess the risk to your web applications based on the CISA known exploitable vulnerabilities.

Time To Remediate (TTR) tracking lets you assess vulnerabilities based on TTR and track the overall progress in securing web applications.

Sitemap Reporting provides a comprehensive list of all the pages and links that have been scanned, as well as insight into the links crawled, any vulnerabilities found, and the identification of sensitive content.

The Plugins tab provides a complete view of WAS integration with third-party tools, including details on the supported versions and configuration steps, as well as a convenient plugin marketplace link.

Audit Log Service Integration helps you search the audit logs faster to find actions performed in the WAS UI, API, and other services. 

For more information, see Upgrade to New UI of Qualys Web Application Scanning (WAS): Bringing You Enhanced Web Application Security.

Behavior Change 

It is not possible to manually assign dynamic tags to assets in the new WAS. Dynamic tags can only be assigned to assets after rule evaluation. However, you can assign static tags to assets.

Known Limitations 

  • In the Web Applications tab of the classic WAS UI, the quick filters show hierarchical tags and all the tags are displayed regardless of whether they are assigned to web applications. However, the new UI does not display tag hierarchy in the quick filters; only the tags associated with web applications are displayed.
  • In the Web Applications tab, the Find option is not available in the Quick Actions for the selected web application to view the associated scans, schedules, and detections. However, you can view the scans and detections associated with the web applications in the web application details. 
  • When working with the new WAS UI, it is not possible to create a new record while creating or updating another record. For example, while creating or updating a web application, you cannot create a new option profile or authentication record. Similarly, while creating or updating an option profile, you cannot create a new search list or a new parameter set.
  • The QQL search in the new WAS UI has some limitations when you search on a text value. Prefix matching on the entire value is supported. However, a search for a text string in between is not supported. This also applies if the text value contains a period (.) or underscore (_). For example:

    • The web application name is webapp_proxy. 

      • The web application is searchable with the following query: 

        • asset.name: weba                                     

      • The web application is not searchable with the following queries: 

        • asset.name: pro 

        • asset.name: app                                                                                                                                          

    • The web application name is webapp proxy. 

      • The web application is searchable with the following queries:

        • asset.name: webap  

        • asset.name: pro                                                                                                                                           

      • The web application is not searchable with the following queries:   

        • asset.name: oxy

        • asset.name: app                                                                                                                                  
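
An added example (not Qualys code): a small Python model of the matching shown in the examples above, used to list web application names that contain a fragment but would not be returned by a prefix search for it. The whitespace-only word splitting is an assumption inferred from this page's examples; the function names and all inventory entries other than the two names above are constructed.

```python
from typing import Iterable, List


def qql_text_matches(name: str, term: str) -> bool:
    """Model of the prefix matching illustrated on this page.

    Assumption (inferred from the page's examples, not a documented rule):
    the name is split into words on whitespace only, so '.' and '_' stay
    inside a word, and the search term must be a prefix of one of the words.
    Case handling is not stated on the page; values are compared as given.
    """
    return any(word.startswith(term) for word in name.split())


def missed_by_prefix_search(names: Iterable[str], fragment: str) -> List[str]:
    """Names that contain `fragment` but that the modelled search would not return.

    Useful when checking an exported asset list for web applications that a
    quick asset.name search would silently leave out.
    """
    return [n for n in names
            if fragment in n and not qql_text_matches(n, fragment)]


# Constructed inventory: the first two names come from this page,
# the rest are made up for illustration.
INVENTORY = [
    "webapp_proxy",
    "webapp proxy",
    "proxy.internal",
    "billing_proxy.v2",
    "proxy admin",
]

if __name__ == "__main__":
    for fragment in ("weba", "pro", "app", "oxy"):
        hits = [n for n in INVENTORY if qql_text_matches(n, fragment)]
        missed = missed_by_prefix_search(INVENTORY, fragment)
        print(f"asset.name: {fragment}")
        print(f"  returned by prefix search : {hits}")
        print(f"  contains it, not returned : {missed}")
```
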

Additional Resources

Online Help 

WAS User Interface video