Getting accurate and timely information about the security posture of all web applications is a big challenge for most organizations. It can be difficult to ensure that up to the minute vulnerability information that is targeted to the right audience is delivered on time and consistently across all stakeholders. With Qualys WAS 4.2, organizations now have the ability to easily deliver targeted web application security metrics to all the stakeholders including the CSO, application owners, quality assurance personnel and developers. Qualys WAS 4.2 combines the power of report templates to target specific audiences with the metrics they need, with the consistent delivery of scheduled reporting to enable the complete automation a successful web application security program needs to ensure the protection of all an organizations web properties.
Feature highlights include: Scheduled reporting that brings consistency and visibility to your web application scanning program, dashboard customizations to ensure each user is viewing just the right set of metrics, and enhancements to managing authentication records saving you time and effort.
Qualys WAS 4.2 will be released in production in July with the exact date depending on the platform. Details about the release schedule are at the end of this blog post.
Scheduled Reporting: Qualys WAS 4.2 introduces scheduled reporting to bring consistency and visibility into the metrics that drive your web application scanning program. Schedule custom report templates that target audiences including information security management, application owners, quality assurance teams and developers with just the information they need. Custom reports can be delivered daily, weekly or on the period schedule that is right for your organization. Never forget to send that critical report to someone again – just schedule it and forget it.
Default Report Format: You can now set the default format for downloading reports. This saves you time since you don’t need to select your favorite format each time you download your report. Just edit your profile settings – select My Profile under your user name (in the top right corner).
Default Report Format
Enhancements to Date Display: We have made enhancements to display dates in the same format across the WAS application, including Start Date, End Date, Next Launch Date, etc. All dates are now displayed in this format: 18 May 2015 11:45AM GMT-0700
Dashboard Customization: With this release users can now customize their WAS dashboard to focus on areas of interest – certain web applications and environments. For example, perhaps you would like to create custom dashboards that focus on various production environments. It’s easy to do and you can even set a custom dashboard as the default for your account.
Set default scan cancel option on each web app: We’ve updated the Cancel Option for this release. Now WAS lets you configure a default scan cancel option per web application. Also when launching or scheduling a scan you can choose to use the default web app setting or override it with a custom setting. This is especially useful to customize the cancel time for each web app during MultiScans.
Default Scan Cancel Option on Web App
Authentication Management Enhancements
New authentication record status and tracking info: Get details on how many web apps have been tested with the authentication record and the latest status. Makes it easy to see authentication records that may need to be updated, saving you time and effort.
Authentication Record Status and Tracking Info
More info in the authentication records datalist report: We added authentication scan status, number of web apps, and last tested date.
Authentication records datalist report
New action log tracks authentication status: The Action Log appears in the authentication record view (select the record from the list, then View from the Quick Actions menu). Here you’ll see logs related to change in authentication status.
Action log tracks authentication status
Quickly find related web apps, scans and schedules: You’ll see a new Find option in the Quick Actions menu. This lets you find objects where the authentication record is defined – web applications, scans, schedules.
Find related web apps, scans and schedules
For details about the release dates for specific platforms and to subscribe to release notifications by email, please see the following: