WillB

QualysGuard WAS 2.4 API Notification for EU: December 18, 2012

Blog Post created by WillB on Dec 3, 2012

A release of QualysGuard® Web Application Scanning 2.4 with a new report creation API method will be available in production in the EU on December 18, 2012. This release is completely transparent to users and will require no scheduled downtime. The release will occur between 20:00 GMT and 08:00 AM GMT next day.

 

QualysGuard WAS 2.4 includes one new report creation method to the API services which were first made available in the 2.2 release. This notification provides an early preview of this new method.

 

Report Creation API

The Report Creation API has been added to the WAS Report API to allow you to create WAS reports based on security information collected by the most recent scans of your web applications. Using the Report Creation API you can create these reports: Web Application Report, Scan Report, Scorecard Report and Catalog Report. For each report you can choose one of these formats: HTML (ZIP), Web Archive (HTML), PDF, PDF Encrypted, XML, CVS, Microsoft Word (DOC) and PowerPoint (PPT).

 

Full details regarding these updates will be available in the WAS API User Guide on the day of the release.

 

Example: Create a web application report in encrypted PDF format, setting both tags and web applications for the target.

 

Request:

 

curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -d @-

"https://qualysapi.qualys.com/qps/rest/3.0/create/was/webapp_report" < file.xml

 

 

Note: “file.xml” contains the request POST data below:

 

Request POST Data:

 

<ServiceRequest>

  <data>

    <Report>

      <name><![CDATA[My Web Application Report]]></name>

        <description><![CDATA[A simple WebApp report]]></description>

        <format>PDF_ENCRYPTED</format>

        <password>PASSWORD</password>

        <distributionList>

          <set>

            <EmailAddress>EMAIL ADDRESS</EmailAddress>

            <EmailAddress>EMAIL ADDRESS</EmailAddress>

          </set>

        </distributionList>

        <type>WAS_WEBAPP_REPORT</type>

        <config>

          <webAppReport>

            <target>

              <tags>

                <Tag>

                  <id>243130</id>

                </Tag>

                <Tag>

                  <id>243132</id>

                </Tag>

                </tags>

                <webapps>

                  <WebApp>

                    <id>532510</id>

                  </WebApp>

                  <WebApp>

                    <id>532601</id>

                  </WebApp>

                </webapps>

              </target>

              <display>

                <contents>

                  <WebAppReportContent>DESCRIPTION</WebAppReportContent>

                  <WebAppReportContent>SUMMARY</WebAppReportContent>

                  <WebAppReportContent>GRAPHS</WebAppReportContent>

                  <WebAppReportContent>RESULTS</WebAppReportContent>

                </contents>

                <graphs>

              <WebAppReportGraph>VULNERABILITIES_BY_GROUP</WebAppReportGraph>

              <WebAppReportGraph>VULNERABILITIES_BY_OWASP</WebAppReportGraph>

               <WebAppReportGraph>VULNERABILITIES_BY_WASC</WebAppReportGraph>

                </graphs>

                <groups>

                  <WebAppReportGroup>GROUP</WebAppReportGroup>

                  <WebAppReportGroup>OWASP</WebAppReportGroup>

                  <WebAppReportGroup>WASC</WebAppReportGroup>

                </groups>

                <options>

                  <rawLevels>true</rawLevels>

                </options>

                </display>

                <filters>

                  <searchlists>

                    <SearchList>

                      <id>43147</id>

                    </SearchList>

                    </searchlists>

                    <url>http://www.mysite.com/help.html</url>

                    <status>

                      <WebAppFindingStatus>ACTIVE</WebAppFindingStatus>

                      <WebAppFindingStatus>REOPENED</WebAppFindingStatus>

                    </status>

                  </filters>

                </webAppReport>

              </config>

            </Report>

        </data>

     </ServiceRequest>

 

 

Response:

<?xml version="1.0" encoding="UTF-8"?>

<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd">

<responseCode>SUCCESS</responseCode>

  <count>1</count>

  <data>

    <Report>

      <id>2629</id>

    </Report>

  </data>

</ServiceResponse>

 

 

 

To receive more information on QualysGuard WAS 2.4, please visit the Qualys Community at https://community.qualys.com or contact your Technical Account Manager or Qualys' Technical Support Department at support@qualys.com.

Outcomes