Web Application Scanning Release 1.20

April 14, 2025

What's New?

Customized Advanced Filter in Application Tab

We have renamed the Classic filters in the Web Applications to Advanced.

With this release, you can add customized filters to the list of existing Advanced filters. The customized filters help add more search criteria based on the QQL tokens in the Advanced filters and search using the filter without manually entering the QQL token.

Example of Customized Advanced Filter

Customized Advance Filter in Applications tab.

New Option Profile - SSL TLS Options

With this release, we have added a new system-defined option profile, SSL TLS Options. This option profile includes the SSL/TLS and Certificate issues category as the Search Criteria.

You can use this option profile in scans to determine whether a web application uses SSL/TLS public-key encryption and, if so, how the encryption is configured.

Enhanced Scan Title Format in Global Settings

With this release, we have enhanced the Scan Title Format field in the Global Settings to include the time stamp along with the date as <DATETIME>, where the date and time are included in the YYYY-MM-DD_HH-MM-SS format.

Including a time stamp along with the date can help identify the scans when multiple scans are executed on the same day and reduce confusion related to scan titles.

enhanced scan title format.

New Criteria to Group Detections

With this release, two new options are added in the Group By filter in the Detections tab, with which the list of detections can be grouped with CVE ID and CWE ID.

New Criteria CVE and CWE ID in Group by in Detections.

Issues Addressed in Web Applications Scanning 1.20

The following notable and important issues are fixed in this release.

Category/Component	Issue Description
Scan Schedule	We fixed an issue where the user could not create a scan schedule for the web application using tags if the number of web applications exceeded the concurrency limit.
Scanner Appliance, Scan Schedule	We fixed an issue where the user could not remove the tag used for scanner selection based on the scanner tag while creating or editing the scan schedule.
Authentication	We fixed an issue where the user encountered authentication failure when the £ character was used in the authentication password.
Detection Details	We fixed an issue where discrepancies were observed in the QID status in the scan report, Detections tab, and the downloaded report.
Detection Details	We fixed an issue where the discrepancy was observed in the QDS score for QID 150063 on the Detections screen and in the Detection Details > QDS Details.
Authentication, sub user	We fixed an issue where the sub-user could not update the authentication record even when the required permissions were assigned.
QQL Token Help	We have updated the QQL token help for the tags.name in the Web Application Scanning help documentation.
Reports	A message specifying that the display settings in the report template do not apply to reports downloaded in CSV and XML formats is added to the Report template > Display window.
Proxy configuration	We fixed an issue where the scanner did not use proxy settings while scanning a web application, although the proxy settings were enabled for the web application.
Burp Detections	When the user imported a burp report, the list of detections was not available in the Detections tab and Detections in the Application Details window. The issue is fixed.
Import Burp Report	We have updated the error messages displayed in burp import scenarios. Now, two error messages are displayed in case of invalid XML and in a scenario where the XML contains data other than the burp issues report.
Scanner Appliance	We fixed an issue where the user could not update the scanner appliance from External to the Scanner Pool, where the user could select a dynamic tag. This issue occurred when the user deleted a tag and created a tag with the same name.
Web Applications	We fixed an issue where the user could not view specific web applications in spite of the required permissions.
Detections, Retest	When the user retested the detection with QID 150001, the results displayed that the detection was Fixed. However, the scan results displayed the same detection as Active. This issue is not fixed.
Scanner Appliance	We fixed an issue where the scanner details were not available in the scan details for some scans.
Web application scans	An issue was observed when the same option profile was used for two or more web applications in the multi-scan or scheduled multi-scans; the option profile was assigned only for scanning one web application.