WillB

QualysGuard WAS 2.4 API Notification for US (updated)

Blog Post created by WillB on Nov 1, 2012

A release of QualysGuard® Web Application Scanning 2.4 with a new report creation API method will be available in production in the US on December 13*, 2012. This release is completely transparent to users and will require no scheduled downtime. The release will occur between 12 PM PST (20:00 GMT) and 12 AM PST (08:00 AM GMT next day).

 

*Update: Due to the recent identification of additional platform dependencies the release date has been moved to December 13th to accomodate additional quality assurance testing and ensure a high quality release.  We regret any inconvenience related to this change in schedule.

 

QualysGuard WAS 2.4 includes one new report creation method to the API services which were first made available in the 2.2 release. This notification provides an early preview of this new method.

 

Report Creation API

The Report Creation API has been added to the WAS Report API to allow you to create WAS reports based on security information collected by the most recent scans of your web applications. Using the Report Creation API you can create these reports: Web Application Report, Scan Report, Scorecard Report and Catalog Report. For each report you can choose one of these formats: HTML (ZIP), Web Archive (HTML), PDF, PDF Encrypted, XML, CVS, Microsoft Word (DOC) and PowerPoint (PPT).

 

Full details regarding these updates will be available in the WAS API User Guide on the day of the release.

 

Example: Create a web application report in encrypted PDF format, setting both tags and web applications for the target.

 

Request:

 

curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -d @-

"https://qualysapi.qualys.com/qps/rest/3.0/create/was/webapp_report" < file.xml

 

 

Note: “file.xml” contains the request POST data below:

 

Request POST Data:

 

<ServiceRequest>

  <data>

    <Report>

      <name><![CDATA[My Web Application Report]]></name>

        <description><![CDATA[A simple WebApp report]]></description>

        <format>PDF_ENCRYPTED</format>

        <password>PASSWORD</password>

        <distributionList>

          <set>

            <EmailAddress>EMAIL ADDRESS</EmailAddress>

            <EmailAddress>EMAIL ADDRESS</EmailAddress>

          </set>

        </distributionList>

        <type>WAS_WEBAPP_REPORT</type>

        <config>

          <webAppReport>

            <target>

              <tags>

                <Tag>

                  <id>243130</id>

                </Tag>

                <Tag>

                  <id>243132</id>

                </Tag>

                </tags>

                <webapps>

                  <WebApp>

                    <id>532510</id>

                  </WebApp>

                  <WebApp>

                    <id>532601</id>

                  </WebApp>

                </webapps>

              </target>

              <display>

                <contents>

                  <WebAppReportContent>DESCRIPTION</WebAppReportContent>

                  <WebAppReportContent>SUMMARY</WebAppReportContent>

                  <WebAppReportContent>GRAPHS</WebAppReportContent>

                  <WebAppReportContent>RESULTS</WebAppReportContent>

                </contents>

                <graphs>

              <WebAppReportGraph>VULNERABILITIES_BY_GROUP</WebAppReportGraph>

              <WebAppReportGraph>VULNERABILITIES_BY_OWASP</WebAppReportGraph>

               <WebAppReportGraph>VULNERABILITIES_BY_WASC</WebAppReportGraph>

                </graphs>

                <groups>

                  <WebAppReportGroup>GROUP</WebAppReportGroup>

                  <WebAppReportGroup>OWASP</WebAppReportGroup>

                  <WebAppReportGroup>WASC</WebAppReportGroup>

                </groups>

                <options>

                  <rawLevels>true</rawLevels>

                </options>

                </display>

                <filters>

                  <searchlists>

                    <SearchList>

                      <id>43147</id>

                    </SearchList>

                    </searchlists>

                    <url>http://www.mysite.com/help.html</url>

                    <status>

                      <WebAppFindingStatus>ACTIVE</WebAppFindingStatus>

                      <WebAppFindingStatus>REOPENED</WebAppFindingStatus>

                    </status>

                  </filters>

                </webAppReport>

              </config>

            </Report>

        </data>

     </ServiceRequest>

 

 

Response:

<?xml version="1.0" encoding="UTF-8"?>

<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd">

<responseCode>SUCCESS</responseCode>

  <count>1</count>

  <data>

    <Report>

      <id>2629</id>

    </Report>

  </data>

</ServiceResponse>

 

 

 

To receive more information on QualysGuard WAS 2.4, please visit the Qualys Community at https://community.qualys.com or contact your Technical Account Manager or Qualys' Technical Support Department at support@qualys.com.

Outcomes