Release 1.16
September 25, 2024
What's New?
Create Widget from Query Option in Data List Tabs
Earlier, the Create Widget from Query option in the data list tabs was available only in the Web Applications and Detections tabs.
With this release, the Create Widget from Query option is also available in the Scan List, Reports, and Schedules tabs under Scans and Reports.
When you add a query and click Create Widget from Query, you are taken to the widget creation workflow, where you can specify a widget name and other settings.
Create New Option Profile in Web Application Workflow
With this release, you can create a new option profile while creating or editing the web application.
Certificate Data in Web Application Details
With this release, Web Application Scanning displays the certificate data collected during the SSL scan as part of WAS scan normalization. The certificate information processed by Certificate View is displayed in the Certificate tab of the Application Details.
If you click the certificate link, the certificate details page shows all the details related to the certificate, such as its validity, issued to, issued by, fingerprints, hosts, certificate path, and so on. You can also search the list of certificates using QQL tokens in Certificate View. For token help, refer to the Certificate View Online Help.
Purge Detections
With this release, you can remove selected detections without losing the scan history. This is useful when redundant links are added and you want to remove duplicate findings reported against URLs reached through those redundant links.
The Purge option is available in the Quick Actions and Actions menus for purging single and multiple detections.
New Fields in Detection Details
With this release, the following new fields are available in the detection details:
CVSS V3 Vector String
CISA Added Date
CISA Due Date
New Tokens
The following new tokens are added to the Detections tab.
Token | Description |
---|---|
vulnerability.cisaKnownExploits.cisaKEVAddedDate | Use this token to search for detections by the date on which the CISA known exploited vulnerability was added. Specify the date in the YYYY-MM-DD format. |
vulnerability.cisaKnownExploits.cisaKEVDueDate | Use this token to search for detections by the due date of the CISA known exploited vulnerability. Specify the date in the YYYY-MM-DD format. |
The following new tokens are added to the Knowledge Base tab.
Token | Description |
---|---|
vulnDef.type | Use this token to search for QIDs that match the selected vulnerability type: INFORMATION GATHERED, POTENTIAL_VULNERABILITY, CONFIRMED_VULNERABILITY, POTENTIAL_CONFIRMED_VULNERABILITY, SENSITIVE_CONTENT. |
vulnDef.discoveryType | Use this token to search for QIDs with the selected discovery type, that is, the way in which the finding is detected: AUTHENTICATED, REMOTE, and REMOTE_AUTHENTICATED. |
vulnDef.authenticationType | Use this token to search for QIDs with the selected authentication type: DB2, FORM, HTTP_BASIC, ORACLE, SNMP, UNIX, VMWARE, WINDOWS. |
vulnDef.malware.name | Use this token to search for QIDs associated with the specified malware. |
vulnDef.malware.aliases | Use this token to search for QIDs associated with the specified malware aliases. |
vulnDef.malware.type | Use this token to search for QIDs associated with the specified malware type. |
vulnDef.malware.platform | Use this token to search for QIDs associated with the specified malware platform. |
vulnDef.malware.vendor | Use this token to search for QIDs associated with the specified malware vendor. |
vulnDef.exploitAvailable | Use this token to search for QIDs for which a known exploit is available for the vulnerability. |
vulnDef.malwareAvailable | Use this token to search for QIDs for which known malware is available for the vulnerability. |
vulnDef.cvss3Info.attackVector | Use this token to search for QIDs with the specified CVSS3 attack vector: NOT_DEFINED, NETWORK, ADJACENT_NETWORK, LOCAL_ACCESS, PHYSICAL_ACCESS. |
vulnDef.complianceTypes | Use this token to search for QIDs with the specified compliance type: HIPAA, GLBA, COBIT, SOX, or PCI. |
vulnDef.complianceSection | Use this token to search for QIDs with the specified compliance section. |
vulnDef.complianceDescription | Use this token to search for QIDs whose compliance description matches the specified description. |
vulnDef.owaspTopTen.code | Use this token to search for QIDs matching the OWASP Top Ten code: A01 to A10. |
vulnDef.owaspApiTopTen.code | Use this token to search for QIDs matching the OWASP API Top Ten code: API01 to API10. |
vulnDef.listInclusion | Use this token to search for QIDs in the specified list: QUALYS_EXT_10, QUALYS_INT_10, SANS_20. |
vulnDef.bugtraqIds | Use this token to search for QIDs with the specified Bugtraq ID. |
Renamed the Severity Filter to Security Type
Earlier, the Severity filter in the left pane of the Web Applications tab displayed a value of 0 and listed the web applications that were either not scanned or scanned with no detections.
With this release, the Severity filter is renamed to By Security Risk so that the web application data is displayed correctly.
Issues Addressed
The following reported and notable customer issues have been fixed in this release.
Category/Component | Issue Description |
---|---|
Scan Schedule Start Date | We have fixed an issue where the Start Date was displayed in a format different from the date format in the user profile settings. This was observed while scheduling a scan. |
Web Application Creation | An issue was observed while creating a web application with a long URL containing a slash (/) and the crawl scope set to Limit to URL hostname and specified sub-domain: when the user tried to add a subdomain value, the application stopped responding. The issue is now resolved. |
Scanner Appliance | An issue was observed where, in scheduled multi-scans, some web applications were scanned with external scanners even though the user had selected the tag for the internal scanner pool in the Scanner Appliance. This resulted in scan failure. This issue is resolved, and all the web applications are now mapped to the scanner pool. |
Web Application Import | We have fixed an issue that the user faced while importing a web application using a .txt file. |
Crawl Settings | We have fixed an issue where the domain description message displayed multiple domain names. Now, the description message contains only the first domain name. |
Reports | An issue was observed where a sub-user could not generate a web application report or a scan report. This occurred when the create, edit, and delete report permissions were assigned to the sub-user but the read report permission was not. The issue is resolved: a sub-user with create, edit, and delete report permissions can now create web application and scan reports even when the read report permission is not assigned. |
Scan Report Download | An issue was observed when downloading scan reports: scan report generation failed with an error due to corrupted data. The issue is now resolved. |
Web Applications, EASM-related tag | We have fixed an issue where the user encountered an error while editing web applications that had the EASM Confidence Medium or EASM Confidence High tag assigned. |
Crawl Scope, Web Application Creation | Earlier, while creating a web application, the user could not enter URLs in the Explicit URLs to Crawl field when the Crawl Scope was set to Limit to Content Located at or below URL subdirectory. The issue is resolved, and the user can add an explicit URL using a subdomain while creating a web application. |
Detection Status | An issue was observed where the status of a finding did not change to Fixed even though the setting to close the finding when the URL could not be found was enabled. The issue is now resolved. |
Dashboard Widgets | The user encountered issues while editing TruRisk-related widgets in dashboards created in Web Application Scanning versions earlier than 1.15. For example, if the user added a detection query, no data was displayed after saving the query. If the user deleted the detection query and tried to add an application query, the Detection Query field was added instead. These issues are resolved, and the user can now edit the dashboard widgets related to the TruRisk™ score. |