I’m pleased to announce that WAS Engine 8.7 has been released to all Qualys platforms including private cloud platforms. This release is part of our ongoing effort to continuously improve the scanning engine in Qualys Web Application Scanning.
This update includes the following changes:
- Added new vulnerability tests:
  - QID 150346 for detecting Debug Mode in web applications using Laravel frameworks.
  - QID 154090 for Joomla Core vulnerabilities in Joomla 3.2.0-3.9.24.
- Support for scanning web applications over IPv6.
- Implemented a validation expression for use with brute force login testing.
- Improved Swagger/OpenAPI file parsing.
- Improved Postman handling of GET requests.
- Added identification of DOM XSS when web applications use local storage to store data.
- Replaced terminology in reports. Whitelists/Blacklists in QIDs 150021, 150010, 150018, and 150104 will now be referred to as Include/Exclude in new scans.
- Passive Smart Scan Optimization improvements.
- Detection of Windows file protocol present in HTML.
As always, if you encounter any problems in your WAS scans, please open a support ticket by selecting Help > Contact Support while logged into the platform. Feel free to post a question on Qualys Community as well.