Qualys WAS Engine 8.11 Released

John Delaroderie

Qualys Web Application Scanning Engine 8.11 has been released to all Qualys platforms including private cloud platforms. This release is part of our ongoing effort to continuously improve the scanning engine in Qualys Web Application Scanning.

This update includes the following changes:

  • Support for handling token expiration and refresh during a scan
  • Increased Selenium Script timeouts for slow-loading web apps
  • Report “Click Paths” for vulnerabilities
  • Detection Improvements:
    • Improvements to CMS detection to reduce total requests made in identification
    • Improvements to Open Redirect detection to improve accuracy
  • Reporting Improvements:
    • QID 150148 – AJAX Links Crawled will now report Smart Scan / AJAX optimizations
    • QID 150176 – JavaScript Libraries Detected will now support reporting multiple jQuery versions in a single application
  • New QIDs:
    • 38794 – Secure Sockets Layer/Transport Layer Security (SSL/TLS) Server Supports Transport Layer Security (TLSv1.1)
    • 150324 – Atlassian Jira Server and Data Center Information Disclosure vulnerability
    • 150353 – Same-Site Scripting Detection
    • 150354 – Apache Struts 2 Double OGNL Evaluation Vulnerability (CVE-2020-17530)
    • 150355 – Oracle WebLogic Server Multiple Vulnerabilities (April – July 2021)
    • 150356 – Sensitive File Disclosure
    • 150366 – Apache Tomcat Authentication Vulnerability (CVE-2021-30640)
    • 154099 – Drupal Core Security Update (SA-CORE-2021-001)

As always, if you encounter any problems in your WAS scans, please open a support ticket by selecting Help > Contact Support while logged into the platform. Feel free to post a question on Qualys Community as well.

Happy scanning.
