AnsweredAssumed Answered

Vulnerability scan on other links in the application

Question asked by Sharmila J on May 4, 2018
Latest reply on May 4, 2018 by Shyam Raj

Like • Show 1 Like1
Comment • 2

Hi,

I have an application say www.abc.com which has around 100 urls inside. On click of one of the URL, the application navigates to another url www.xyz.com which again has 100 urls inside.

If i run the vulnerability scan for www.abc.com all the urls for www.xyz.com are excluded from the scan list.Is there a way to configure this in Qualys WAS so that for 1 scan all the urls (total 200) are attacked?

Or should i run seperate scan for www.abc.com and www.xyz.com

Busby May 4, 2018 3:28 AM

Correct Answer

Sharmila,

In short yes just takes a little extra work.

Edit your application and go to the section Application Details, in that section normally the default is to set the application to crawl scope at and below the current URL. Right under that you can add explicit URLS to crawl.

My recommendation is to add the URLs under the explicit URLs to crawl then right a discovery and review the sitemap. That should help you confirm that your configuration is correct.

You may also want to change the Crawl Scope too Limit to URL hostname and specified domains; then you can add subdomains under that.

Please let us know if that helps.

David

See the reply in context

No one else had this question

Outcomes

Busby May 4, 2018 3:28 AM

Sharmila,

In short yes just takes a little extra work.

My recommendation is to add the URLs under the explicit URLs to crawl then right a discovery and review the sitemap. That should help you confirm that your configuration is correct.

You may also want to change the Crawl Scope too Limit to URL hostname and specified domains; then you can add subdomains under that.

Please let us know if that helps.

David

Actions

Shyam Raj

May 4, 2018 5:42 AM

Sharmila, I'll suggest that you take a look at the business logic of these applications. If the applications have different business logic, you should add them as separate applications. That way you'll also have control over your reports.

Also, check out this video - the process of defining applications is explained very well: https://vimeo.com/194596460

And, I also recommend discussing this with your TAM on how to best add these applications in your account.

1 person found this helpful

Actions

2 Replies

Busby May 4, 2018 3:28 AM
Unmark Correct
Correct Answer
Sharmila,

In short yes just takes a little extra work.

Edit your application and go to the section Application Details, in that section normally the default is to set the application to crawl scope at and below the current URL. Right under that you can add explicit URLS to crawl.

My recommendation is to add the URLs under the explicit URLs to crawl then right a discovery and review the sitemap. That should help you confirm that your configuration is correct.

You may also want to change the Crawl Scope too Limit to URL hostname and specified domains; then you can add subdomains under that.

Please let us know if that helps.
David
Like • Show 0 Likes0
Actions
Shyam Raj May 4, 2018 5:42 AM
Mark Correct
Correct Answer
Sharmila, I'll suggest that you take a look at the business logic of these applications. If the applications have different business logic, you should add them as separate applications. That way you'll also have control over your reports.

Also, check out this video - the process of defining applications is explained very well: https://vimeo.com/194596460

And, I also recommend discussing this with your TAM on how to best add these applications in your account.
1 person found this helpful
Like • Show 1 Like1
Actions

Vulnerability scan on other links in the application

Outcomes

Related Content

Recommended Content