Download - Qualys WAS 4.6 New Features...• Introduction of SmartScan • Enhanced Sitemap Reporting • Enhanced Option Profile Scope Selection SmartScan SmartScan allows for enhanced and advanced

Transcript
Page 1: Qualys WAS 4.6 New Features...• Introduction of SmartScan • Enhanced Sitemap Reporting • Enhanced Option Profile Scope Selection SmartScan SmartScan allows for enhanced and advanced

Qualys WAS 4.6 New Features WewelcomesomelongawaitedexcitingnewfeatureswithWAS4.6.TheyareencompassedinwhatwecallSmartScan.SmartScanallowsforenhancedandadvancedscanningofAJAXheavywebapplicationsalongwithenhancedsupportforSinglePageApplications(SPA)andalsoadvancedframeworkssuchasAngularJSandbootstrap.WealsoareintroducingenhancedsupportforGoogleWebToolkit(GWT)andDirectWebRemoting(DWR)aswell.Pleasenotethatthisisourfirstphaseandlimitedreleaseofthesenewfeaturesandcapabilities.WewillbereleasingmanyenhancementstothisSmartScaninupcomingWASversionsincluding,butnotlimitedto;enhancedJSONformatteddatatesting,enhancedURLrewritingsupportalongwithadditionalframeworksupport.*SmartScanwillbeavailableinlimitedreleaseonlyforthefirstphaseofdeploymentandwillonlybeavailableuponrequestfromTechnicalAccountManagers(TAMs).Thisfeaturewillrequireapproval.MinimumdependenciesareWAS4.6,Portal2.12andEngine3.15.Withthisreleasewearealsointroducingadditionalsitemapreportingfunctionalityaswellasvariousbugfixes.FeatureHighlights:

• IntroductionofSmartScan• EnhancedSitemapReporting• EnhancedOptionProfileScopeSelection

SmartScanSmartScanallowsforenhancedandadvancedscanningofAJAXheavywebapplicationsalongwithenhancedsupportforSinglePageApplications(SPA)andalsoadvancedframeworkssuchasAngularJSandbootstrap.WealsoareintroducingenhancedsupportforGoogleWebToolkit(GWT)andDirectWebRemoting(DWR)aswell.Pleasenotethatthisisourfirstphaseandlimitedreleaseofthesenewfeaturesandcapabilities.WewillbereleasingmanyenhancementstothisSmartScaninupcomingWASversionsincluding,butnotlimitedto;enhancedJSONformatteddatatesting,enhancedURLrewritingsupportalongwithadditionalframeworksupport.*SmartScanwillbeavailableinlimitedreleaseonlyforthefirstphaseofdeploymentandwillonlybeavailableuponrequestfromTechnicalAccountManagers(TAMs).

Page 2: Qualys WAS 4.6 New Features...• Introduction of SmartScan • Enhanced Sitemap Reporting • Enhanced Option Profile Scope Selection SmartScan SmartScan allows for enhanced and advanced

Thisfeaturewillrequireapproval.MinimumdependenciesareWAS4.6,Portal2.12andEngine3.15.OptionProfileCreateDialogWhencreatinganewprofile,iftheSmartScanoptionhasbeenenabledforthecustomer,theScanParametersstepwilldisplayanewsectionSmartScanSupport,thatwillexplaintouserwhatthefeatureisaboutandwillproposeacheckboxtoenablethefeature.Iftheusercheckstheoption,anadditionalsettingSmartScanDepthwillbedisplayed,withsomeexplanationoftheroleofthatsetting.Thedefaultvalueforthatsettingwillbesetto5.

Page 3: Qualys WAS 4.6 New Features...• Introduction of SmartScan • Enhanced Sitemap Reporting • Enhanced Option Profile Scope Selection SmartScan SmartScan allows for enhanced and advanced

TheReviewAndConfirmstepwilldisplaytheoptionsselectedbyuser:-Ifuserenabledtheoption:

-Ifuserlefttheoptiondisabled:

Page 4: Qualys WAS 4.6 New Features...• Introduction of SmartScan • Enhanced Sitemap Reporting • Enhanced Option Profile Scope Selection SmartScan SmartScan allows for enhanced and advanced

OptionProfileViewDialogJustlikethereviewstep,theScanParametersstepinoptionprofileViewdialogwilldisplaythevaluesselectedfortheSmartScanoptions.-Ifuserenabledtheoption:

-Ifuserlefttheoptiondisabled:

Page 5: Qualys WAS 4.6 New Features...• Introduction of SmartScan • Enhanced Sitemap Reporting • Enhanced Option Profile Scope Selection SmartScan SmartScan allows for enhanced and advanced

OptionProfileEditDialogThesamestepwillbeavailable,butthistimewiththeEnableSmartScanSupportcheckboxcheckediftheoptionhasbeenpreviouslyenabled.Inthiscase,theSmartScanDepthsettingwillalsobedisplayed,withpropervaluealreadysetfortheprofile.

OptionProfileSaveAsTheSmartScansettingswillbealsocopiedoverwhenauserperformsaSaveAsactionfromthedatalistorfromtheoptionprofileview/editdialogs.ExistingProfilesAllexistingprofileswillhavetheEnableSmartScanSupportoptiondisabledbydefault.TheSmartScanDepthvaluewillbesetto5.

Page 6: Qualys WAS 4.6 New Features...• Introduction of SmartScan • Enhanced Sitemap Reporting • Enhanced Option Profile Scope Selection SmartScan SmartScan allows for enhanced and advanced

EnhancedSitemapReportingWAS4.6nowallowsthecustomertheabilitytodownloadallURLsforasiteviatheSitemapfeatureandnothavetonavigatetoeachbranchofthesitemapindividually.WebApplication/ScanSitemapDialogThedialogusedtodisplaythesitemapforscansandwebapplicationswillhaveanewExportSitemapbuttonnowalwaysenabled.

Uponclicking,anExportSitemapLinksdialogwillbedisplayed,proposingtotheusertheformattobeusedtodownloadthesitemaplinks.Theformatandtimezonefieldsselectedbydefaultwilldependonuserpreferencesassetintheirprofile.

Page 7: Qualys WAS 4.6 New Features...• Introduction of SmartScan • Enhanced Sitemap Reporting • Enhanced Option Profile Scope Selection SmartScan SmartScan allows for enhanced and advanced

Formatofthedownloadedcontentsisthesamewhendownloadingcurrentpage,theonlydifferenceisthatthistimeallthelinkswillbedownloadedwiththeirabsolutepath.Columnswillthereforebe:

Page 8: Qualys WAS 4.6 New Features...• Introduction of SmartScan • Enhanced Sitemap Reporting • Enhanced Option Profile Scope Selection SmartScan SmartScan allows for enhanced and advanced

EnhancedOptionProfileScopeSelectionWhencreatingoreditinganOptionProfile,underSearchCriteria->DetectionScope;ifwechoose"Custom"previouslyanerrormessageimpliedthatausermustenteran"include"searchlist.Youcouldhavestillenteredan"exclude"searchlisttoexcludeonly,butthelocationofthiserrormessagewasconfusing.Wehavecorrectedandenhancedthisfunctionality.OptionProfileDialogTheSearchCriteria>DetectionScopesectionhasbeenupdatedasfollows:

• Texthasbeenaddedtointroducetousertheoption.

• ADetectioncomponenthasreplacedthe“focusthescantospecificvulnerabilities”,andproposestheoptionsCompletevs.Customasadropdownelementinsteadofradiobuttons.

InCreationmode,theoptionselectedbydefaultisComplete.

Inbothcreationandeditmode,whentheuserselectsCustom,thefollowingelementsaredisplayedbelowtheDetectioncomponent:

• Thesearchliststoinclude• Thesearchliststoexclude• Anadditionaltextmessageabovethesearchliststoexclude,thatexplains

howtheexcludedsearchlistswillbeused

Page 9: Qualys WAS 4.6 New Features...• Introduction of SmartScan • Enhanced Sitemap Reporting • Enhanced Option Profile Scope Selection SmartScan SmartScan allows for enhanced and advanced

IftheuserclickstheNextbutton,thevalidationisperformed,andifnosearchlistshavebeenselected:

• The2searchlistscomponentsarehighlightedinred• Anerrormessageisdisplayedontopofsearchliststoincludecomponentto

requestusertospecifyatleastonesearchlist

Page 10: Qualys WAS 4.6 New Features...• Introduction of SmartScan • Enhanced Sitemap Reporting • Enhanced Option Profile Scope Selection SmartScan SmartScan allows for enhanced and advanced

By selecting at least one search list, the error message is removed and the two search lists are be marked as valid.


Top Related

Qualys guard rollout guide

Qualys guard rollout guide

Qualys CloudView User Guide · Welcome to Qualys CloudView! We’ll help you get acquainted with the Qualys solutions for securing your AWS resources using the Qualys Cloud Security

Qualys CloudView User Guide · Welcome to Qualys CloudView! We’ll help you get acquainted with the Qualys solutions for securing your AWS resources using the Qualys Cloud Security

Qualys Web Application Scanner Guide

Qualys Web Application Scanner Guide

Qualys Certificate View - betta-security.com.ua · 4 About this Guide About Qualys About this Guide Welcome to Qualys Certificate View! Certificate View provides discovery, assessment,

Qualys Certificate View - betta-security.com.ua · 4 About this Guide About Qualys About this Guide Welcome to Qualys Certificate View! Certificate View provides discovery, assessment,

SmartScan 8000 Installation Guide

SmartScan 8000 Installation Guide

Cloud Platform 8.10 Release Notes - Qualys · Qualys 8.10 Release Notes This new release of the Qualys Cloud Suite of Security and Compliance Applications includes improvements to

Cloud Platform 8.10 Release Notes - Qualys · Qualys 8.10 Release Notes This new release of the Qualys Cloud Suite of Security and Compliance Applications includes improvements to

Qualys Vulnerabilities, Statistics and… Malware ? Wolfgang Kandek CTO Qualys, Inc. //nullcon.net

Qualys Vulnerabilities, Statistics and… Malware ? Wolfgang Kandek CTO Qualys, Inc. //nullcon.net

Qualys Gateway Service User Guide · Qualys Gateway Service (QGS) is a packaged virtual appliance developed by Qualys that provides proxy services for Qualys Cloud Agent deployments

Qualys Gateway Service User Guide · Qualys Gateway Service (QGS) is a packaged virtual appliance developed by Qualys that provides proxy services for Qualys Cloud Agent deployments

Languages
Pages
Legal

Copyright © 2022 FDOCUMENTS