Qualys WAS 4.6 New Features

We welcome some long awaited exciting new features with WAS 4.6. They are encompassed in what we call SmartScan. SmartScan allows for enhanced and advanced scanning of AJAX heavy web applications along with enhanced support for Single Page Applications (SPA) and also advanced frameworks such as AngularJS and bootstrap. We also are introducing enhanced support for Google Web Toolkit (GWT) and Direct Web Remoting (DWR) as well. Please note that this is our first phase and limited release of these new features and capabilities. We will be releasing many enhancements to this SmartScan in upcoming WAS versions including, but not limited to; enhanced JSON formatted data testing, enhanced URL rewriting support along with additional framework support.

* SmartScan will be available in limited release only for the first phase of deployment and will only be available upon request from Technical Account Managers (TAMs). This feature will require approval. Minimum dependencies are WAS 4.6, Portal 2.12 and Engine 3.15.

With this release we are also introducing additional sitemap reporting functionality as well as various bug fixes.

Feature Highlights:
• Introduction of SmartScan
• Enhanced Sitemap Reporting
• Enhanced Option Profile Scope Selection

SmartScan

SmartScan allows for enhanced and advanced scanning of AJAX heavy web applications along with enhanced support for Single Page Applications (SPA) and also advanced frameworks such as AngularJS and bootstrap. We also are introducing enhanced support for Google Web Toolkit (GWT) and Direct Web Remoting (DWR) as well. Please note that this is our first phase and limited release of these new features and capabilities. We will be releasing many enhancements to this SmartScan in upcoming WAS versions including, but not limited to; enhanced JSON formatted data testing, enhanced URL rewriting support along with additional framework support.

* SmartScan will be available in limited release only for the first phase of deployment and will only be available upon request from Technical Account Managers (TAMs). This feature will require approval. Minimum dependencies are WAS 4.6, Portal 2.12 and Engine 3.15.

Option Profile Create Dialog

When creating a new profile, if the SmartScan option has been enabled for the customer, the Scan Parameters step will display a new section SmartScan Support, that will explain to user what the feature is about and will propose a checkbox to enable the feature. If the user checks the option, an additional setting SmartScan Depth will be displayed, with some explanation of the role of that setting. The default value for that setting will be set to 5.

The Review And Confirm step will display the options selected by user:
- If user enabled the option:
- If user left the option disabled:

Option Profile View Dialog

Just like the review step, the Scan Parameters step in option profile View dialog will display the values selected for the SmartScan options.
- If user enabled the option:
- If user left the option disabled:

Option Profile Edit Dialog

The same step will be available, but this time with the Enable SmartScan Support checkbox checked if the option has been previously enabled. In this case, the SmartScan Depth setting will also be displayed, with proper value already set for the profile.

Option Profile Save As

The SmartScan settings will be also copied over when a user performs a Save As action from the datalist or from the option profile view/edit dialogs.

Existing Profiles

All existing profiles will have the Enable SmartScan Support option disabled by default. The SmartScan Depth value will be set to 5.

Enhanced Sitemap Reporting

WAS 4.6 now allows the customer the ability to download all URLs for a site via the Sitemap feature and not have to navigate to each branch of the sitemap individually.

Web Application / Scan Sitemap Dialog

The dialog used to display the sitemap for scans and web applications will have a new Export Sitemap button now always enabled.

Upon clicking, an Export Sitemap Links dialog will be displayed, proposing to the user the format to be used to download the sitemap links. The format and timezone fields selected by default will depend on user preferences as set in their profile.

Format of the downloaded contents is the same when downloading current page, the only difference is that this time all the links will be downloaded with their absolute path. Columns will therefore be:

Enhanced Option Profile Scope Selection

When creating or editing an Option Profile, under Search Criteria -> Detection Scope; if we choose "Custom" previously an error message implied that a user must enter an "include" search list. You could have still entered an "exclude" search list to exclude only, but the location of this error message was confusing. We have corrected and enhanced this functionality.

Option Profile Dialog

The Search Criteria > Detection Scope section has been updated as follows:
• Text has been added to introduce to user the option.
• A Detection component has replaced the “focus the scan to specific vulnerabilities”, and proposes the options Complete vs. Custom as a dropdown element instead of radio buttons.

In Creation mode, the option selected by default is Complete.

In both creation and edit mode, when the user selects Custom, the following elements are displayed below the Detection component:
• The search lists to include
• The search lists to exclude
• An additional text message above the search lists to exclude, that explains how the excluded search lists will be used

If the user clicks the Next button, the validation is performed, and if no search lists have been selected:
• The 2 search lists components are highlighted in red
• An error message is displayed on top of search lists to include component to request user to specify at least one search list

By selecting at least one search list, the error message is removed and the two search lists are marked as valid.