Qualys Blog

www.qualys.com
Frank Catucci

Qualys WAS 4.2 New Features

Getting accurate and timely information about the security posture of all web applications is a big challenge for most organizations.  It can be difficult to ensure that up to the minute vulnerability information that is targeted to the right audience is delivered on time and consistently across all stakeholders.  With Qualys WAS 4.2, organizations now have the ability to easily deliver targeted web application security metrics to all the stakeholders including the CSO, application owners, quality assurance personnel and developers.  Qualys WAS 4.2 combines the power of report templates to target specific audiences with the metrics they need, with the consistent delivery of scheduled reporting to enable the complete automation a successful web application security program needs to ensure the protection of all an organizations web properties.

Feature highlights include:  Scheduled reporting that brings consistency and visibility to your web application scanning program, dashboard customizations to ensure each user is viewing just the right set of metrics, and enhancements to managing authentication records saving you time and effort.

Qualys WAS 4.2 will be released in production in July with the exact date depending on the platform.  Details about the release schedule are at the end of this blog post.

Reporting Enhancements

Scheduled Reporting:  Qualys WAS 4.2 introduces scheduled reporting to bring consistency and visibility into the metrics that drive your web application scanning program.  Schedule custom report templates that target audiences including information security management, application owners, quality assurance teams and developers with just the information they need.  Custom reports can be delivered daily, weekly or on the period schedule that is right for your organization.  Never forget to send that critical report to someone again – just schedule it and forget it.

Scheduled Reporting

new_sched_report

new_sched_report_notification

Default Report Format:  You can now set the default format for downloading reports. This saves you time since you don’t need to select your favorite format each time you download your report. Just edit your profile settings – select My Profile under your user name (in the top right corner).

Default Report Format

edit-usr-prof

Def-rep-form

Enhancements to Date Display:  We have made enhancements to display dates in the same format across the WAS application, including Start Date, End Date, Next Launch Date, etc.  All dates are now displayed in this format: 18 May 2015 11:45AM GMT-0700

Dashboard Enhancements

Dashboard Customization:  With this release users can now customize their WAS dashboard to focus on areas of interest – certain web applications and environments. For example, perhaps you would like to create custom dashboards that focus on various production environments. It’s easy to do and you can even set a custom dashboard as the default for your account.

Dashboard Customization

custom_dashboard1

custom_dashboard2

custom_dashboard3

Scanning Enhancements

Set default scan cancel option on each web app:  We’ve updated the Cancel Option for this release. Now WAS lets you configure a default scan cancel option per web application. Also when launching or scheduling a scan you can choose to use the default web app setting or override it with a custom setting.  This is especially useful to customize the cancel time for each web app during MultiScans.

Default Scan Cancel Option on Web App

cancel_scan_web_app

cancel_scan_sched

Authentication Management Enhancements

New authentication record status and tracking info: Get details on how many web apps have been tested with the authentication record and the latest status.  Makes it easy to see authentication records that may need to be updated, saving you time and effort.

Authentication Record Status and Tracking Info

auth_records_list

More info in the authentication records datalist report: We added authentication scan status, number of web apps, and last tested date.

Authentication records datalist report

auth_record_datalist_report

New action log tracks authentication status: The Action Log appears in the authentication record view (select the record from the list, then View from the Quick Actions menu). Here you’ll see logs related to change in authentication status.

Action log tracks authentication status

auth_record_view

Quickly find related web apps, scans and schedules: You’ll see a new Find option in the Quick Actions menu. This lets you find objects where the authentication record is defined – web applications, scans, schedules.

Find related web apps, scans and schedules

auth_record_find

Release Schedule

For details about the release dates for specific platforms and to subscribe to release notifications by email, please see the following:

Qualys WAS 4.2 Release Notification – Available July 16th, 2015 on US Platform 1

Qualys WAS 4.2 Release Notification – Available July 13th, 2015 on US Platform 2

Qualys WAS 4.2 Release Notification – Available July 15th, 2015 on EU Platform

Leave a Reply