Release 1.15
July 23, 2024
What's New?
Support for Application Widget in Dashboard
With this release, you can create widgets to display data for applications, which includes data for web applications and APIs.
For access to the APIs tab, contact your Qualys representative.
The following image indicates the widget creation for the applications that are scanned.
Change in Location of Switch to classic WAS Option
With this release, the option to switch to the classic WAS view is available in the Help options, as displayed in the following image:
Create New Authentication Record and DNS Override from Web Application
With this release, you can create a new authentication record and a new DNS override record while creating or editing the web application.
Enhancements in Quick Actions and Actions Menu for Web Applications
With this release, the following changes are made to the Quick Actions and Actions menu:
Options Grouped in the Actions Menu
The actions in the Actions menu on the Web Applications tab are listed in groups.
Options in the Quick Actions Menu
The following options are added to the Quick Actions menu:
- Open In Browser - opens the web application in a browser.
- Find Scans - opens scans associated with the selected web application in the Scan List tab.
- Find Schedules - opens scan schedules associated with the selected web application in the Scans > Schedules tab.
- Find Detections - opens the detections list associated with the selected web applications in the Detections tab.
- Discovery Schedule - opens a new discovery schedule creation wizard.
- Vulnerability Schedule - opens a new vulnerability scan schedule creation wizard.
The following options are renamed:
- Validate renamed to Retest Web app - retest all findings for a web application.
- View Web Application Report renamed to View Report - opens the web application report.
- View Scan Report renamed to Last Scan Report - opens report of the last scan in the Online Report tab.
New Token
A new token asset.id is added to the Scans > Schedules tab.
Token name | Description |
---|---|
asset.id | Use an integer value to find scan schedules associated with the asset with the given asset ID. |
QQL Search Enhancements
With this release, QQL token searches support text-string values that contain a period (.) or an underscore (_). With this change, searching for a text string in the middle of a value is also supported, along with prefix matching on the entire value.
We have enabled partial search of strings with 3 to 5 characters in a QQL token value. The character limit is set to optimize performance and storage requirements.
This is applicable to the following tokens:
Tab | Token Names |
---|---|
Web Applications | application.attribute.name, application.attribute.value, application.authenticationRecord.name, application.dnsOverride.name, asset.name, application.optionProfile.name, application.proxy.name, application.scannerAppliance, application.scannerApplianceTags.name, tags.name, application.url |
Detections | vulnerability.comment, vulnerability.groupName, vulnerability.groupTitle, vulnerability.ignoredComment, vulnerability.title, vulnerability.owaspTopTen.name, vulnerability.owaspApiTopTen.name, vulnerability.param, vulnerability.paramType, tags.name, vulnerability.url |
Scans | scan.authenticationRecord.name, scan.dnsOverride.name, scan.name, scan.optionProfile.name, scan.parent.name, scan.proxy.name, scan.scannerAppliance.name, scan.scannerApplianceTags.name, scan.reference, scan.schedule.name, scan.target.tags.name, scan.target.url, scan.target.asset.name, scan.findings.groupName, scan.findings.groupTitle, scan.findings.title, scan.findings.owaspTopTen.name, scan.findings.owaspApiTopTen.name, scan.findings.param, scan.findings.url |
Examples
If the web application name is Webapp_Query_Test, the web application is searchable with the following queries:
- asset.name:_Query_Test
- asset.name: query
- asset.name: uer
- asset.name: app
Issues Addressed
The following reported and notable customer issues have been fixed in this release.
Category/Component | Issue Description |
---|---|
Web Application creation | We have resolved an issue where the user could not create a web application without www. Now, the user can create and edit a web application without www. |
Purge burp findings | We have fixed an issue where the burp findings did not get purged although the Purge Burp issues for the web application before import check box was selected while importing burp findings. |
Search Tokens | An issue was observed where the scan.startDate token search did not display correct data in the Scan List tab. |
Progressive Scanning | An issue was observed when the user launched the scan using the Scan Again option; the progressive scanning option is disabled if the previous scan was not complete. The issue is resolved. This is applicable only if the previous scan did not complete with the status Time limit Reached or Service Error detected. |
Time zone settings | We have fixed an issue where the scheduled scan displays the time in GMT even if the date display is set to Use browser time zone option in the user profile settings. |
Scanner Appliance | An issue was observed where the VLAN information was not displayed in the Scanner Appliance Information dialog box. The issue is resolved and VLAN information is now displayed for scanner appliances. |
Saved searches, Dashboard | We have fixed an issue where the user could retrieve saved searches while adding widgets to the dashboard for Web Application Scanning. |
Global Settings Exclusions | We have fixed an issue where the Web Application Scanning stopped responding when the user tried to add parameters in the Exclusions section in Global Settings tab. |
WAS scans | Multiple issues were observed in the WAS vulnerability scan processing. The scan issues are resolved. |
Edit scan schedule | We have fixed an issue where after the user edited the scan schedule, the updated values of the option profiles and can scan settings reverted to