Release 1.18
December 15, 2024
What's New?
With this release, we introduce the following new features and enhancements to the Web Application Scanning user interface.
Enhanced Search with Classic Filters in Web Applications
With this release, the classic data list filters are available in the Web Applications tab to enhance web application search.
With these filters, you can search for web applications using multiple criteria covering both the web applications themselves and the detections associated with them. The filters let you run quick searches with multiple or complex criteria without entering the QQL tokens manually.
A toggle is added to the left pane to switch between Quick and Classic filters.
When you select multiple criteria from the Classic filters, the QQL tokens are added accordingly, and a search is performed to find the web applications based on the specified criteria.
For example, when you set values for the Web Application, Last Scan Status, and Detection Type filters from the Classic filters, the corresponding QQL tokens are populated in the search and the matching web applications are listed.
Token Changes
The following QQL tokens are added to the Web Applications tab for the Classic filters.
Token | Description |
---|---|
application.scanScheduled | Select true or false to find applications for which a scan is scheduled. |
application.scanScheduledType | Select a scan type to find applications that have the selected scan type scheduled: DISCOVERY or VULNERABILITY. |
application.scannerType | Select a scanner type to find applications for which the selected scanner appliance type is configured for scanning: EXTERNAL, INTERNAL, or SCANNER_TAGS. |
New Scan Status for Maximum Links Crawled
With this feature, we have added a new scan status, Max Links Crawled, to indicate that a web application scan ended because the maximum number of links allowed for the scan was crawled.
Token Change
The new value MAX LINKS CRAWLED is added to the following tokens in WAS.
Tab | Token | Description |
---|---|---|
Scan List | scan.status | Use the MAX LINKS CRAWLED value to find scans that ended because the maximum number of allowed links was crawled. |
Web Applications | application.lastScanStatus | Use the MAX LINKS CRAWLED value to find web applications whose last scan ended with the status MAX LINKS CRAWLED. |
WAS-VMDR Integration
When Qualys Vulnerability Management, Detection and Response (VMDR) reports certain QIDs on a host asset, those QIDs indicate that a web application service may be running on the host. With this release, you can create a web application in WAS directly from the Detections tab in VMDR. Each of these QIDs is mapped to a port, and that port is used to populate the URL of the web application created in WAS. The supported QIDs are:
10464, 11803, 11827, 11955, 12087, 12230, 12245, 12882, 6728, 12680,
13136, 13162, 13910, 38806, 38807, 38808, 38809, 42416, 45056, 45114,
45110, 45264, 45266, 48001, 48002, 48065, 48118, 48131, 48200, 62054,
86000, 86001, 86047, 86048, 86054, 86263, 86264, 86383, 86473, 86565,
86693, 86762, 86728, 86729, 86743, 86771, 87089, 87379, 105664
Required Application Version | VMDR 2.1.0 |
You must have both VMDR and WAS subscriptions, and the WAS Asset Permissions must be assigned to the user.
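The following script is an added example, not Qualys code, showing the triage logic behind this integration: pick out the VMDR detections whose QID is on the list above and derive the candidate web application URL for each. The release notes state that each QID is mapped to a port but do not publish that mapping, so the example assumes instead that each detection record carries the observed `host`, `port` and an `ssl` flag (a constructed record shape, not the VMDR API schema) and derives the scheme from the SSL flag; the sample detections are constructed, not real scan output.

```python
"""Derive candidate WAS web application URLs from VMDR detections.

Added example, not Qualys code. Assumptions: detections are dicts with
'qid', 'host', 'port' and 'ssl' keys (constructed shape, not the VMDR
API schema); the URL scheme is chosen from the 'ssl' flag rather than
from the QID-to-port mapping that WAS uses internally.
"""
from urllib.parse import urlunsplit

# QIDs that the WAS-VMDR integration treats as web application indicators
# (the list published in the release notes).
WEB_SERVICE_QIDS = frozenset({
    10464, 11803, 11827, 11955, 12087, 12230, 12245, 12882, 6728, 12680,
    13136, 13162, 13910, 38806, 38807, 38808, 38809, 42416, 45056, 45114,
    45110, 45264, 45266, 48001, 48002, 48065, 48118, 48131, 48200, 62054,
    86000, 86001, 86047, 86048, 86054, 86263, 86264, 86383, 86473, 86565,
    86693, 86762, 86728, 86729, 86743, 86771, 87089, 87379, 105664,
})


def web_app_url(host, port, ssl):
    """Return the URL a WAS web application would be created with.

    Assumption: scheme follows the SSL flag, and the default port for
    that scheme is omitted so one service is not listed twice.
    """
    scheme = "https" if ssl else "http"
    default_port = 443 if ssl else 80
    netloc = host if port == default_port else f"{host}:{port}"
    return urlunsplit((scheme, netloc, "/", "", ""))


def candidate_web_apps(detections):
    """Keep only detections with a web-service QID, group them by the
    derived URL, and return sorted (url, sorted QIDs) pairs."""
    by_url = {}
    for det in detections:
        if det["qid"] not in WEB_SERVICE_QIDS:
            continue  # not a web application indicator; skip
        url = web_app_url(det["host"], det["port"], det.get("ssl", False))
        by_url.setdefault(url, set()).add(det["qid"])
    return [(url, sorted(qids)) for url, qids in sorted(by_url.items())]


# Constructed sample detections (not real VMDR data).
SAMPLE_DETECTIONS = [
    {"qid": 86000, "host": "10.0.0.5", "port": 80, "ssl": False},
    {"qid": 86001, "host": "10.0.0.5", "port": 80, "ssl": False},
    {"qid": 38806, "host": "10.0.0.5", "port": 443, "ssl": True},
    {"qid": 12230, "host": "app.example.test", "port": 8443, "ssl": True},
    {"qid": 12345, "host": "10.0.0.5", "port": 443, "ssl": True},  # placeholder QID, not on the list
    {"qid": 6728, "host": "10.0.0.9", "port": 8080, "ssl": False},
]

if __name__ == "__main__":
    for url, qids in candidate_web_apps(SAMPLE_DETECTIONS):
        print(url, qids)
```

Grouping by URL matters because several of the listed QIDs commonly fire on the same service; without it, the same host and port would be proposed as a WAS web application more than once.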
New Token
The following new tokens are added in the KnowledgeBase tab:
Token | Description |
---|---|
vulnDef.patchAvailable | Select true or false to search QIDs based on patch availability. |
vulnDef.complianceTypes | Use this token to search for QIDs with the specified compliance type—HIPAA, GLBA, COBIT, SOX, or PCI. |
Token Removal
The following token is removed from the Web Applications tab:
Token | Description |
---|---|
asset.uuid | This token could be used to find web applications with the specified UUID. |
Issues Addressed
The following important and notable issues are fixed in this release.
Category/Component | Issue Description |
---|---|
Scan report | We fixed an issue where the Scan Details section in the Scan Report displayed Authentication as Not Used even when QIDs 150035 and 150116 were reported. Together, QIDs 150116 and 150035 indicate successful server authentication. |
Scan schedule | If a web application removed from the subscription was part of an existing scheduled scan, it was not removed from the scheduled scan and the user could not edit the scan schedule. This issue is fixed: a web application removed from the subscription is now removed from the scan schedule automatically, and the user can edit the scan schedule. |
DNS Override, Scans | When the user launched a scan for multiple web applications, the scans did not use the DNS Override value even when the default setting for DNS Override was set to Use DNS override defined per application if proxy is not used. Now the defined DNS override value is used when scanning multiple web applications and is shown in the Scan Details screen and the Scan Report. |
Authentication record | While editing an authentication record with a parameterized Selenium script, when the user deleted and re-uploaded the script and then launched a scan, authentication failed because of an empty password tag. This issue is fixed. |
Scan schedule | We fixed an issue where the user could not view or edit a scan schedule if the scanner appliance selected in its Scanner Appliance option had been deleted from legacy WAS. Now the user can access the scan schedule from the new WAS even if the scanner appliance is marked as deleted. |
Sitemap report | When the user downloaded the sitemap report in CSV format for more than 10000 links, the report did not include the crawled links. The issue is fixed, and the sitemap report now downloads with all results available in the report. |
Scan report | We fixed an issue where the Detection Information section in the web application report and the scan report did not display which keywords or regular expressions were matched during scanning, even when keywords and regular expressions were defined to detect sensitive content in the target web application. |
Scans | We fixed an issue where the scan status was displayed as Processing even after the scan had ended. |
Scan report | We fixed an issue where the DNS override setting was visible in the Scan Details but not in the Scan Report. This was observed for both scheduled and on-demand scans. |
Scan settings | We fixed an issue where the user could not update the Cancel Scan option > Cancel Scan After value to the value configured for the subscription while editing a scan schedule. The user could set the value between 24 and 48 hours. |
Retest web application | We fixed an issue where the user encountered an error while retesting some web applications. |
User permissions | We fixed an issue where a sub-user could not update an authentication record even though the required permissions were assigned. |
Proxy support | We fixed an issue where a scheduled scan did not use the proxy settings when the scan target was defined using tags and the Proxy Support option was set to Use Proxy defined for each web application. |
Dashboard, QQL | Earlier, when the user clicked a dashboard widget, the data list displayed incorrect results for the query because QQL queries were mapped incorrectly from the dashboard to the data list for table and graph widgets. The issue is resolved. |
Web Application data list report | We fixed an issue where the web application count did not match the count in the downloaded data list report. |
Dashboard, QQL | When the user clicked a dashboard widget, the data list displayed incorrect data because backticks were incorrectly added to the QQL token value. This issue is fixed. |