What is the meaning of 'Links In Queue' on Preview when I clicked specific scan on Scan List?
It's not only to this item, Online help is a lack of content on WASv2.
I ask Qualys document team to piece out the help contents.
If you are refering to the 'links in queue' count - this represents an internal count of links that the scanner has identified as 'possible' testing targets. However, the scan engine may decide after some testing that the links are basically identical to other links and therefore testing them will only increase time, not provide any additional value in testing. So the scanner can test them, but the scanner may decide based on optimizations that there is no value in testing them. This can be true if links are determined to exercise the same functionality as previously tested links, etc.
Some web applications include links that are dynamically generated. An example is an app with URLs that look like:
In this case the last directory name is randomized - so there are different URLs or 'links'. But the scanner may determine that the applications performs the exact same functionality for each of these links. So testing one of these is sufficient - there is no need to test all of them. The application may produce an unlimited number of these links, and trying to test them all is really just a waste of time since they all exercise the same application logic. So while the 'links in queue' count would include all of the links above, only the ones the scan engine determines are unique will be included in testing.
So this doesn't represent a limitation of the scanner - rather the links in queue count is one that doesn't usually reflect the 'unique links' left to be tested. As I mentioned previously we plan to remove this count from the user interface in an upcoming release and are reviewing options for including metrics that bring more value/insight to customers.
Thank you for your inquiry and sorry for the delay in responding.
The "Links in queue" count was intended to provide additional information about URL/Parameter combinations (links) that had been discovered by WAS as 'in scope' for the web application but had not yet been visited. However, there are a number of optimizations that WAS may perform that will eliminate many of these links as redundant (same as previously tested links). This makes the number presented have less meaning and we have found it can actually be confusing to users.
We will be removing this count and we're investigating what metrics we can share with customers to provide them with additional information about the coverage of the web application scanning. Upcoming releases planned for Q4 of this year will provide a more visual site map representation of the scanning coverage which we believe will help customers better visualize the coverage.
Hope this helps - if there are other areas in which you would like our documentation team to provide more detail please let us know. We would like to direct our limited resources to those areas that will most benefit you.
Thank you for your comment.
But I couldn't imagine rule of count.
Would it be possible to show me as specific example?
My apologies, I am not sure I understood what you mean by 'rule of count'. Can you please expand on what you would like to have the example of?
I am not sure if you are asking for a specific example of what the issues are with the current 'links in queue' count or if you are asking what a specific example of other metrics we might provide. Or possibly something else?
I apologize that the content of inquiry was worse.
Why are these links not crawled even though these links are discovered in score by WAS about item of "Links in queue" ?
- Consist of web application is complicated
- Defect or lack of technical in scan engine
or other reason...
Thank you for detailed explanation.
I understood well.
Retrieving data ...