Qualys Web Application Scanning Engine 8.14 has been released to all Qualys platforms including private cloud platforms. This release is part of our ongoing effort to continuously improve the scanning engine in Qualys Web Application Scanning.
This update includes the following changes:
- Detection for Personally Identifiable Information collected in web applications (IG QID 150375)
- Vulnerability Detection for Adobe Experience Manager Content Management Systems
- Passive banner check improvements for identifying web application technologies
- Path based / Directory traversal power mode support (Pending UI changes for activation in Portal 3.10)
- Report re-authentication status in IG 150431
- Replace CSRF token after re-authentication and other CSRF token improvements
- WAS engine crawling improvement to identify and test Fetch API requests
- Reporting improvements for QIDs 150263 (Insecure Transport) and 150243 (ASP.Net debugging enabled) to report response headers
- Improvements to click-jacking reporting
- Reporting improvements to QID 150020 (Links Rejected By Crawl Scope or Exclusion List)
- Reporting of Selenium scripts timing-out messages in QID 150100 (Selenium Diagnostics)
- CMS detection improvements
As always, if you encounter any problems in your WAS scans, please open a support ticket by selecting Help > Contact Support while logged into the platform. Feel free to post a question on Qualys Community as well.