Discarding jpg jpeg css js and other files

Question asked by Cristiano Corrado on Jan 27, 2016

Good morning,


I am trying to sort out the problem of the Time Limited Reached for the web application scanner, as our websites are very big and have numerous links to images, stylesheets, javascripts and other files which are not really relevant for web application assessments.


I am aware of the option in Qualys to avoid the scan of zip, pdf and doc files, but it looks like those are the only 3 extensions it avoids scanning, while I think it hits all the other files that are irrelevant for an assessment.

Now, as I have problems with performance and the "Time Limited Reached", I think it might be possible that the scanner is stuck on these kinds of files and hence never finishes the scan of an application.


I tried to manually enumerate and spider the applications, finding all of the URLs that contain jpg, js, gif, png, css, woff, jpeg, flv and submitting them to the Blacklist URL option per web application.


This is a very daunting task due to the quantity of applications I need to scan and manage. Would there be another way to perform this, like regex (and how?), and how reliable are they?


I am also kindly asking for more info related to the scanning of those files from the appliance, and whether my way to avoid this is the best or there is a better solution, and for more suggestions in general.


Waiting to hear from you soon, many regards,

Cristiano Corrado