Release 1.14
May 23, 2024
What's New?
Changes in the UI Interface
With this release, the following changes are made to the Web Application Scanning user interface:
A new tab, Applications, is added, and the Web Applications tab is moved into the Applications tab.
The Authentication tab is moved into the Configuration tab.
QQL Token Changes
The tokens that begin with "webapp" are now renamed to start with "application".
For example, webapp.lastScanAuthStatus is renamed to application.lastScanAuthStatus.
There are no changes in the saved searches. The current saved searches containing the QQL tokens with the word "webapp" function properly.
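For QQL strings you keep in your own scripts or runbooks and want to bring in line with the new names, the following Python helper rewrites the "webapp." prefix to "application." only at token positions and leaves values untouched. It is an added example, not Qualys code; the assumed query syntax (token:value, values optionally in double quotes or backticks), the token webapp.exampleToken and all values are constructed for illustration.

```python
import re

# Assumption: values may be wrapped in double quotes or backticks; an
# unterminated quote is treated as running to the end of the query.
_SEGMENT = re.compile(r'"[^"]*(?:"|$)|`[^`]*(?:`|$)|[^"`]+')

# Assumption: a token is a dotted name directly followed by ":".
# The lookbehind skips look-alikes such as "mywebapp." and unquoted values
# such as host names or URLs (preceded by ":", "/", "-" or ".").
_OLD_TOKEN = re.compile(r'(?<![\w.:/-])webapp\.(?=[A-Za-z_][\w.]*\s*:)')


def migrate_query(query: str) -> tuple[str, int]:
    """Return (rewritten query, number of tokens renamed)."""
    out, renamed = [], 0
    for segment in _SEGMENT.findall(query):
        if segment[0] in '"`':
            out.append(segment)  # quoted value: never rewritten
            continue
        new, count = _OLD_TOKEN.subn("application.", segment)
        out.append(new)
        renamed += count
    return "".join(out), renamed


def migrate_queries(queries: list[str]) -> list[tuple[str, str]]:
    """Return (old, new) pairs for the queries that actually changed."""
    changed = []
    for old in queries:
        new, count = migrate_query(old)
        if count:
            changed.append((old, new))
    return changed


if __name__ == "__main__":
    # Constructed sample queries; only webapp.lastScanAuthStatus is a
    # token named in the release notes, the rest is hypothetical.
    samples = [
        "webapp.lastScanAuthStatus:FAILED",
        '(webapp.lastScanAuthStatus:FAILED or '
        'webapp.exampleToken:"see webapp.lastScanAuthStatus:x")',
        "application.exampleToken:webapp.example.com:8443",
    ]
    for old, new in migrate_queries(samples):
        print(f"{old}\n  -> {new}")
```

Running the helper a second time on its own output changes nothing, so it is safe to apply repeatedly to the same file.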
Web Application Validation
With this feature, you can launch a test for all open findings for a web application using the Validate option in the Quick Actions menu. Earlier, to launch a retest for multiple detections, you had to select all the detections and then launch the retest from the detection datalist.
To validate the web application detections, select a web application and click Validate.
The Detections tab displays the detections for the selected web application as Retesting.
If you select the Validate option for a web application for which validation has already been triggered, a message informs you that the validation is already running.
Support for Multi-Grouped Bar Widgets
With this release, we have added support for the multi-group bar widget in the dashboard. You can consolidate various data points and group them using multiple parameters in a multi-grouped bar widget.
For example, the following snippet indicates the widget creation using Multi-Grouped representation.
TruRisk Changes – Updated Logic for QDS Value for the QID
The Qualys Detection Score (QDS) for each QID is one of the contributing factors in the TruRisk™ Score of a web application.
With this release, we have updated the logic for deriving the QDS value:
- If a QID has one or more CVEs associated, the highest QVS score among all CVEs is considered.
- If a QID has no CVE associated, the QVS score assigned to the QID is considered.
Issues Addressed
The following reported and notable customer issues have been fixed in this release.
| Category/Component | Issue |
| --- | --- |
| Web Application | An issue was observed where the user could not add a domain name containing a double dash (-) while creating or editing a web application. The issue is resolved. |
| Report Template | Multiple issues were observed where, when the template assigned to a scheduled report was deleted, the template name was still visible in the Reports and View Scheduled Report window. Now, when the template assigned to a scheduled report is deleted, the template name is not available in the Reports and View Scheduled Report window and the user can select a new template while editing a report schedule. |
| Authentication Record | We have fixed an issue where the authentication record is displayed as None in the WAS scheduled scan, although the authentication record is selected while creating a scan schedule. |
| Scan Schedule, Tags | In a scenario where the user tries to edit a scan schedule in the Scan Target, if the Include web applications with the selected tags option is set to ALL, the value changes to Any after the scan schedule is saved. This issue is resolved now. |
| Scans | We have fixed an issue where the scan got canceled immediately after the scan started, although the cancelation date was set in the scan settings. |
| Proxy settings, External Scanners | We have fixed an issue where the Web Application Scanning stopped responding when the user tried to change the proxy settings while editing multiple web applications. Now, if the user selects to edit multiple web applications, the user cannot edit the proxy settings if the Enable Proxy Support For External Scanning flag is set to No. |
| Web Application | We have fixed an issue where the user could not add or delete www from the Web Application URL while editing a web application. |
| Dashboard, TruRisk Widget | An issue was observed where the user added a detection query in the TruRisk widget. In this case, upon clicking the vulnerability count, the Detection tab did not display any data. This issue is resolved, and the TruRisk widget can be used by adding an additional query for detection. |
| Report Template, Tags | We have fixed an issue where the user could not delete an assigned tag while editing a report template. |
| Report Template | Earlier, when a web application or scorecard report was created using a custom template, the user could not expand the Results section to view details of the QIDs. The issue is resolved, and the user can expand the Results section and view details of the detections. |
| Web Application Report, Dynamic Search List | In a scenario where the user creates and includes a dynamic search list in the web application report template, the Online Reports tab displays detections that are not included in the dynamic search list. This issue is fixed. |
| Authentication Record | We have fixed an issue where the authentication record is not used while performing scans when the user launches a scan for multiple web applications with Form or OAuth2 authentication with a Selenium script. |