Qualys WAS Engine 8.28 Released

Qualys Web Application Scanning Engine 8.28 has been released to all Qualys platforms including private cloud platforms. This release is part of our ongoing effort to continuously improve the scanning engine in Qualys Web Application Scanning.

This update includes the following changes, features, and improvements:

• QID 150055 – Command Injection – improvements to detection logic
• QID 150307 – External Service Interaction via HTTP Header Injection – improvements to add delay to requests to reduce inconsistent test results
• QID 150258 Renamed to Out Of Band Vulnerability Via External DNS
• Brute Force Login improvements to avoid filtering true detection as false positives
• Session cookie detection improvements to better identify session related cookies
• Postman Collection changes to handle base URL with empty responses
• Detection improvements to prevent false positives in QID 150315 – NoSQL Injection

As always, if you encounter any problems in your WAS scans, please open a support ticket by selecting Help > Contact Support while logged into the platform. Feel free to post a question on Qualys Community as well.

Happy Scanning.