Release 1.14

May 23, 2024

What's New?

Changes in the UI Interface

With this release, the following changes are made to the Web Application Scanning user interface: 

A new tab – Applications is added, and the Web Applications tab is moved in the Applications tab.

The Authentication tab is moved in the Configuration tab.

QQL Token Changes

The tokens that begin with "webapp" are now renamed to start with "application."

For example, webapp.lastScanAuthStatus is renamed to application.lastScanAuthStatus

There are no changes in the saved searches. The current saved searches containing the QQL tokens with the word "webapp" function properly.

Web Application Validation 

With this feature, you can launch a test for all open findings for a web application using the Validate option in the Quick Actions menu. Earlier, to launch a retest for multiple detections, you had to select all the detections and then launch the retest from the detection datalist.

To validate the web application detections, select a web application and click Validate

The Detections tab displays the detections for the selected web application as Retesting

If you select the validate option for a web application for which the validation is triggered, a message is displayed that conveys that the validation is already running. 

Support for Multi-Grouped Bar Widgets

With this release, we have added support for the multi-group bar widget in the dashboard. You can consolidate various data points and group them using multiple parameters in a multi-grouped bar widget.

For example, the following snippet indicates the widget creation using Multi-Groped representation. 

TruRisk Changes – Updated Logic for QDS Value for the QID

The Qualys Detection Score (QDS) scores for each QID is one of the contributing factors in the TruRisk Score of a web application.

With this release, we have updated the logic for deriving the QDS value:

  • If QID has one or more CVEs associated, the highest QVS score among all CVEs is considered. 
  • If QID has no CVE associated, then consider the QVS score assigned to QID.

Issues Addressed

The following reported and notable customer issues have been fixed in this release.

Category/Component Issue

Web Application 

An issue was observed where the user could not add a domain name containing a double dash (-) while creating or editing a web application. The issue is resolved.  

Report Template

Multiple issues were observed when the template assigned to the scheduled report was deleted, the template name was still visible in the Reports and View Schedules Report window.

Now, when the template assigned to a scheduled report is deleted, the template name is not available in the Reports and View Scheduled Report window and the user can select a new template while editing a report schedule. 

Authentication Record 

We have fixed an issue where the authentication record is displayed as None in the WAS scheduled scan, although the authentication record is selected while creating a scan schedule.

Scan Schedule, Tags 

In a scenario where the user tries to edit a scan schedule in the Scan Target, if the Include web applications with the selected tags are set to ALL, the value changes to Any after the scan schedule is saved. 

This issue is resolved now. 

Scans 

An issue where the scan got canceled immediately after the scan started, although the cancelation date was set in the scan settings. 

Proxy settings, External Scanners 

We have fixed an issue where the Web Application Scanning stopped responding when the user tried to change the proxy settings while editing multiple web applications.  

Now, if the user selects to edit multiple web applications, the user cannot edit the proxy settings if the Enable Proxy Support For External Scanning flag is set to No. 

Web Application 

We have fixed an issue where the user could not add or delete www from the Web Application URL while editing a web application. 

Dashboard, TruRisk Widget 

An issue was observed where the user added a detection query in the TruRisk widget. In this case, upon clicking the vulnerability count, the Detection tab did not display any data. 

This issue is resolved, and the TruRisk widget can be used by adding an additional query for detection. 

Report Template, Tags

We have fixed an issue where the user could not delete an assigned tag while editing a report template. 

Report Template 

Earlier, a web application or scorecard report was created using a custom template, the user could not expand the Results section to view details of the QIDs. 

The issue is resolved, and the user can expand the Result section and view details of the detections. 

Web Application Report, Dynamic Search List 

In a scenario where the user creates and includes a dynamic search list in the web application report template, the Online Reports tab displays detections that are not included in the dynamic search list. 

This issue is fixed. 

Authentication Record 

We have fixed an issue where the authentication record is not used while performing scans when the user launches scan for multiple web applications with Form or OAuth2 authentication with Selenium script.