Release 1.17
October 15, 2024
On some platforms, Web Application Scanning will be upgraded directly to WAS 1.17 from WAS 1.15.
In such a case, WAS 1.17 includes changes in WAS 1.16 along with changes in WAS 1.17. For changes made in WAS 1.16, refer to the Web Application Scanning 1.16 Release Notes.
What's New?
With this release, we introduce the following new features and enhancements to the Web Application Scanning user interface.
WAS-ETM Integration
With this feature, the capabilities of the Qualys Enterprise TruRisk™ Management (ETM) application are now accessible through the Web Application Scanning (WAS) user interface. This feature also brings you the enhanced WAS user interface.
In the WAS user interface, you can view the TruRisk score and its details for your web applications as calculated in the ETM, its contributing factors, the TruRisk score calculation, and vulnerability details.
If you do not have a subscription to the Qualys ETM, the TrusRisk score displayed in the WAS user interface is calculated based on the QDS. If you are subscribed to the ETM, the TruRisk score is calculated based on the CVE score.
With the Qualys WAS-ETM integration, your assets' TruRisk score is reflected in the ETM and CyberSecurity Asset Management (CSAM) applications.
You must have an active ETM Subscription for your account to access the WAS-ETM integration.
Enhanced WAS User Interface
With this release, we are providing you with an enhanced WAS user interface for better interaction. The enhanced WAS user interface has added two more tabs: the Statistics tab and the Sources tab.
The Statistics tab shows the details such as active vulnerabilities and their categorization based on severity levels, count of sensitive content, the number of assets in the Information Gathered state, and the OWASP top five risks. Earlier, this information was displayed in the Summary tab.
The Sources tab displays the information of web application sources used for executing the scans. If you have an active subscription to the ETM application, the sources used for ETM scans are also displayed in this tab.
You do not need the ETM subscription to access the Statistics and Sources tabs in the WAS user interface. However, the ETM-specific information is available only to the users with an active ETM subscription.
Issues Addressed
The following important and notable issues are fixed in this release.
Category/Component | Issue Description |
---|---|
WAS Scans | We fixed an issue where some Japanese characters in the scan completion email notification were corrupted by updating the UTF-8 library. |
WAS Reports | We fixed an issue where users received an error while uploading the burp report by updating the CDATA in the report files. |