Hello all -
WAS Engine 6.5 has been released to all Qualys platforms, including private cloud platforms. This release is part of our ongoing effort to continuously improve the WAS scanning engine. This update includes the following changes:
- Improved detection capability for path-based vulnerability (QID 150004) when a 302 redirect occurs.
- New informational QID for an insecurely-configured X-XSS-Protection header (QID 150205).
- Addressed XSS false negatives when the response code is 500.
- When parsing a Swagger file, path parameters are now extracted and used for fuzzing.
- Added error handling to catch invalid path fuzzing rules.
- The scanner now has better recognition of authentication loss during the crawl phase.
- Added support for IndexedDB to the internal browser engine.
- Applied patches to the internal browser engine to improve crawling for certain apps.
- Implemented multi-threading for time-based tests for better efficiency and performance.
- Added a limit to the number of instances reported for verbose error message (QID 150022).
- Capped the number of redundant WebSocket links that are reported under informational QID 150167.