Hi,
I have an application say www.abc.com which has around 100 urls inside. On click of one of the URL, the application navigates to another url www.xyz.com which again has 100 urls inside.
If i run the vulnerability scan for www.abc.com all the urls for www.xyz.com are excluded from the scan list.Is there a way to configure this in Qualys WAS so that for 1 scan all the urls (total 200) are attacked?
Or should i run seperate scan for www.abc.com and www.xyz.com
Sharmila,
In short yes just takes a little extra work.
Edit your application and go to the section Application Details, in that section normally the default is to set the application to crawl scope at and below the current URL. Right under that you can add explicit URLS to crawl.
My recommendation is to add the URLs under the explicit URLs to crawl then right a discovery and review the sitemap. That should help you confirm that your configuration is correct.
You may also want to change the Crawl Scope too Limit to URL hostname and specified domains; then you can add subdomains under that.
Please let us know if that helps.
David