Web Application Scanning Release 1.22

July 21, 2025

Customize Advanced Filters for Enhanced Search

We have enhanced the Advanced filters to support text-based and numeric customized searches across all tabs of the WAS user interface.

This enhancement helps you create complex search queries without manually writing QQL Token queries. You can use the available operators to refine the search criteria to match your specific requirements. For example, you can use the Greater than operator in the TruRisk Score filter to find the applications with a TruRisk Score greater than the specified value.

Operators for Text-based Search

For filters whose values are alphanumeric strings, you can use the following operators to further refine the search criteria.

  • Contains: Use this operator to retrieve search results containing the specified text value.
  • Exact: Use this operator to retrieve search results exactly matching the specified text value.
  • Starts with: Use this operator to retrieve search results that start with the specified text value.
  • Ends with: Use this operator to retrieve search results that end with the specified text value.

The following image presents an example of the filter set to find web applications where the name contains WebApp Test. 

Operators for Text-based Search.

Operators for Numeric Search

For filters with numeric values, such as QIDs and Risk Score, you can use the following operators to refine the search criteria:

  • Equals: Use this operator to retrieve search results that exactly match the specified numeric value.
  • Greater than: Use this operator to retrieve search results with values greater than the specified numeric value.
  • Less than: Use this operator to retrieve search results with values less than the specified numeric value.

The following image presents an example of the filter set to find web applications with a TruRisk™ Score greater than 200. 

Operators for Numeric Search.

Enhanced QQL Searches Across Tabs

We have enhanced the QQL search experience: the QQL search results in a tab are now retained even when you navigate across the application to different tabs. This improves efficiency and performance, because earlier, if you performed a search using QQL tokens and navigated to any other tab, the search results were not retained and you needed to enter the QQL query again.

Added Support for Custom Header in OAuth 2.0 Authentication Records

You can now define a custom header value while creating an OAuth 2.0 authentication record. This custom header is used only for access token and refresh token requests, enabling secure API authentication workflows and seamless integration with external identity providers that require additional client metadata.

To add a custom header for OAuth2 records, a new field is available while creating and editing authentication records.

Custom Header field in OAuth2 authentication records

Issues Addressed

The following notable and important issues are fixed in this release.

Category/Component Description

Retest scan

An issue was observed where the retest scan on some QIDs was stuck and did not provide any results. When the user tried to cancel the retest, an error was displayed. The issue is fixed.

Web Application import

While importing a web application using a CSV file, an issue was encountered when the web application name contained special characters, such as ä, ö, ü. The web application name did not display properly, and the special characters were displayed as special character.

The issue is now resolved, and you can import web applications with a name containing special characters.

QQL token

We fixed an issue where incorrect results were displayed in the Schedules tab in Scans with the scan.schedule.nextDate query. 

Authentication Record, User Permissions

We fixed an issue where the Reader user could not update an authentication record with a Selenium script. With the additional permissions assigned to the user, the Reader user can now update the authentication record.

Web application edit

When the user edited the web application URL, the web application was updated successfully; however, the updated URL was not reflected. The issue is fixed.

Scheduled Scan 

We fixed two issues with scheduled scans:
- When the user added Start Time for a scheduled scan, the Start Time was not saved.
- The Cancel Scan At and Start Time fields displayed different values in the Edit Scan Schedule and View Scan Schedule windows.

Authentication status in detection details

We fixed an issue where the user could not determine whether authentication was used for the fixed vulnerabilities in the Detection Details | History & Comments section.

Now, the History & Comments section displays text indicating whether the authentication record is used and the name of the authentication record.