Qualys Web Application Scanning Engine 8.24 has been released to all Qualys platforms including private cloud platforms. This release is part of our ongoing effort to continuously improve the scanning engine in Qualys Web Application Scanning.
This update includes the following changes, features, and improvements:
- Cookies will be reported in event of virtual scanner appliance issue
- CSRF detection improvement to avoid reporting on forms that return empty responses
- CSRF detection improvement to avoid false positives against forms that return 400 response
- Improvements to XSS testing in cookies
- Improvements to QID 150010 (External Links Dsicovered) to report full links
- Improvements to QID 150124 (Clickjacking – Framable Page) to avoid reporting on 403 responses
- Improvements for reporting ‘same action’ URI for different parameters
As always, if you encounter any problems in your WAS scans, please open a support ticket by selecting Help > Contact Support while logged into the platform. Feel free to post a question on Qualys Community as well.