Web Application Scanning Release 1.20
April 14, 2025
What's New?
Customized Advanced Filter in Application Tab
We have renamed the Classic filters in the Web Applications to Advanced.
With this release, you can add customized filters to the list of existing Advanced filters. A customized filter lets you add more search criteria based on the QQL tokens in the Advanced filters, and then search using the filter without manually entering the QQL token.
Example of Customized Advanced Filter
New Option Profile - SSL TLS Options
With this release, we have added a new system-defined option profile, SSL TLS Options. This option profile includes the SSL/TLS and Certificate issues category as the Search Criteria.
You can use this option profile in scans to determine whether a web application uses SSL/TLS public-key encryption and, if so, how the encryption is configured.
Enhanced Scan Title Format in Global Settings
With this release, we have enhanced the Scan Title Format field in the Global Settings to include the time stamp along with the date as <DATETIME>, where the date and time are included in the YYYY-MM-DD_HH-MM-SS format.
Including a time stamp along with the date can help identify the scans when multiple scans are executed on the same day and reduce confusion related to scan titles.
New Criteria to Group Detections
With this release, two new options are added to the Group By filter in the Detections tab, so the list of detections can be grouped by CVE ID and CWE ID.
Issues Addressed in Web Application Scanning 1.20
The following notable and important issues are fixed in this release.
Category/Component | Issue Description |
---|---|
Scan Schedule | We fixed an issue where the user could not create a scan schedule for the web application using tags if the number of web applications exceeded the concurrency limit. |
Scanner Appliance, Scan Schedule | We fixed an issue where the user could not remove the tag used for scanner selection based on the scanner tag while creating or editing the scan schedule. |
Authentication | We fixed an issue where the user encountered authentication failure when the £ character was used in the authentication password. |
Detection Details | We fixed an issue where discrepancies were observed in the QID status in the scan report, Detections tab, and the downloaded report. |
Detection Details | We fixed an issue where the discrepancy was observed in the QDS score for QID 150063 on the Detections screen and in the Detection Details > QDS Details. |
Authentication, sub user | We fixed an issue where the sub-user could not update the authentication record even when the required permissions were assigned. |
QQL Token Help | We have updated the QQL token help for the tags.name in the Web Application Scanning help documentation. |
Reports | A message specifying that the display settings in the report template do not apply to reports downloaded in CSV and XML formats is added to the Report template > Display window. |
Proxy configuration | We fixed an issue where the scanner did not use proxy settings while scanning a web application, although the proxy settings were enabled for the web application. |
Burp Detections | When the user imported a burp report, the list of detections was not available in the Detections tab and Detections in the Application Details window. The issue is fixed. |
Import Burp Report | We have updated the error messages displayed in burp import scenarios. Now, two error messages are displayed in case of invalid XML and in a scenario where the XML contains data other than the burp issues report. |
Scanner Appliance | We fixed an issue where the user could not update the scanner appliance from External to the Scanner Pool, where the user could select a dynamic tag. This issue occurred when the user deleted a tag and created a tag with the same name. |
Web Applications | We fixed an issue where the user could not view specific web applications in spite of the required permissions. |
Detections, Retest | When the user retested the detection with QID 150001, the results displayed that the detection was Fixed. However, the scan results displayed the same detection as Active. This issue is not fixed. |
Scanner Appliance | We fixed an issue where the scanner details were not available in the scan details for some scans. |
Web application scans | An issue was observed when the same option profile was used for two or more web applications in the multi-scan or scheduled multi-scans; the option profile was assigned only for scanning one web application. |