Can someone explain to me how the active status is set, please?
This, as the last scan made today has tested but not detected the QID.
We are currently working on giving a much more detailed history of the three fields that indicate:
Currently there can be confusion because the last time tested may or may not accurately reflect the last time that link or specific test was performed. For example, if the link was unreachable or the test could not be performed, for any number of reasons including auth failure, app change, etc., it was not actually tested as shown.
In a near future release of WAS you will see a history link included just below those three criteria. This will give you much more insight into the specific finding and the last time it was seen and why or why not it was tested since. This is currently in development and will be available soon.
We apologize for any confusion.
So even if it's written "Last Time Tested", QualysGuard WAS has tried to test, but the resource may not be delivered by the web server, so the test may not be accurate, or not really made (from a security point of view, I mean)?
There are indeed different cases where a scan could have been conducted; here are some of them:
- The scan completed with Time Limit Exceeded - in such a case we cannot say whether the scan engine had time to test the vulnerability or not
- The scan has been run in an authentication context different from the one in which the vulnerability was detected - To quickly summarize, for each vulnerability we keep an instance for each authentication record you have used to test the vulnerability. Let's say that if you have launched different scans, some with an authentication record and some without, the vulnerability will be associated with 2 instances, one with the authentication record and one without. In order for the vulnerability to be marked Fixed, you would then launch a scan for each case, so that we ensure the 2 instances are fixed.
This solution was indeed quite complex to understand and make clear, so with the very next WAS module release we will fully address all this confusion by implementing a new logic for our scan results consolidation.
To explain a bit, we will keep a record for each scan performed on the web application regarding each vulnerability. When you then take a look at the vulnerability in the Detections datalist or from a web application report, you will be able to access the History section, which looks as follows:
You see that we will provide a record for each scan: obviously when the vulnerability has been detected, but also when the vulnerability has not been detected, and furthermore when the vulnerability could not be tested. In the last 2 cases the specific reason will be provided to let you understand why we said we could not test or detect the vulnerability. This will be possible thanks to a new version of our scan engine which provides such details.
We hope that with this new solution everything will be clarified. It should be available around December.
Thanks Axel. This feature looks great.
Information will really be clearer.