Detailed Web Application Scanner Information - QualysGuard WAS

Logo	Scanner	Version	Build		Vendor
	QualysGuard WAS	2014-01-21	Update		Qualys, Inc.

Tested Against WAVSEP Version:

1.5

Product Details:

Accurate Version	License / Technology	Last Update	Source Code Activity
2014-01-21 (GA) Build Update	Commercial Unknown (Linux)	21-01-2014

General Features:

GUI	Config	Usage	Stability	Performance	Report	ScanLog	Pause	Session
	Simple	Simple	Very Stable	Very Fast

Authentication, Control and Connection Features:

Custom
Cookie

Custom
Header

B
A
S
I
C

D
I
G
E
S
T

N
T
L
M

N
T
L
M
v
2

K
E
R
B
E
R
O
S

F
O
R
M

PROXY

GZIP

DEFLATE

SSL

CERT

Logout
Detection

Exclude
Logout

Exclude
URL

Exclude
Param

Coverage Features:

C
O
U
N
T

Manual
Crawl

URL
File

Html
Crawler

Ajax
Crawler

Flash
Crawler

Applet
Crawler

Silverlight
Crawler

WSDL
Crawler

REST
Crawler

Field
Autofill

Smart
Autofill

Anti
CSRF
Support

Viewstate
Support

CAPTCHA
Bypass

WAF
Bypass

Input Vector Support:

C
O
U
N
T

G
E
T

P
O
S
T

C
O
O
K
I
E

H
E
A
D
E
R

S
E
C
R
E
T

P
N
a
m
e

X
M
L

X
m
l
A
T
T

X
m
l
T
A
G

J
S
O
N

.
N
e
t
E
N
C

A
M
F

J
a
v
a
S
E
R

.
N
e
t
S
E
R

W
C
F

W
C
F
-
B
i
n

W
e
b
S
o
c
k

D
W
R

C
u
s
t
o
m

Audit Features:

C
O
U
N
T

S
Q
L
i

B
S
Q
L
i

S
S
J
S
i

R
X
S
S

P
X
S
S

D
X
S
S

J
S
O
N
h

L
F
I

R
F
I

C
M
D
E
x
e
c

U
P
L
O
A
D

R
E
D
I
R
E
C
T

C
R
L
F
i

L
D
A
P
i

X
P
A
P
H
i

M
X
i

S
S
I

F
O
R
M
A
T
i

C
O
D
E
i

X
M
L
i

E
L
i

B
U
F
F
E
R
o

I
N
T
E
G
E
R
o

C
O
D
E
D
i
s
c

B
A
C
K
U
P
f

P
A
D
D
I
N
G

A
U
T
H
b

P
R
I
V
e

X
X
E

S
E
S
S
I
O
N

F
I
X
A
T
I
O
N

C
S
R
F

A
D
o
S

Complimentary Audit Features:

WebServer Hardening	CGI Scanning	Dir & File Enumeration	Passive Analysis	Additional Features
				Proxy support through the local appliance features, manual crawling supported via selenium scripts. Can be defined to scan specific URLs (and thus, the URL file feature was checked).

The SQL Injection Detection Accuracy of the Scanner:

Detection Accuracy

Chart

63.24% Detection Rate
0.00% False Positives

(86/136)
(0/10)

The Reflected XSS Detection Accuracy of the Scanner:

Detection Accuracy

Chart

50.00% Detection Rate
0.00% False Positives

(33/66)
(0/7)

The WIVET Score of the Scanner:

WIVET Score

Chart

92.00% Detection Rate

Additional Audit Features:

Flash XSS, Clickjacking, NullByte Poisoning, Generic Vulnerabilities, Numerous Passive Analysis, Hardening and vulnerable-CGI plugins, Network Scanning Features, password bruteforcing. Generic application plugins classified as either web application or web server plugins.

Additional Features:

Proxy support through the local appliance features, manual crawling supported via selenium scripts. Can be defined to scan specific URLs (and thus, the URL file feature was checked).

Overview:

None