Get Started with WAS

You'll quickly be able to identify web applications vulnerabilities and manage security risks.

Let's get started!

1) Tell us the web applications you want to scan

Just go to Web Applications, select New Web Application and enter the URL for the web application.

2) Launch a discovery scan

Note - To run internal scans you'll need to configure a scanner appliance within your network - a physical or virtual appliance. Learn more

It's best to do a discovery scan first - go to Scans > Scan List and select New Scan > Discovery Scan.

A discovery scan performs information gathered checks only (forms detected, external links found, etc). This is a good way to learn where the scan will go and whether there are URIs to be added to exclude list for a vulnerability scan. Learn more

With a discovery scan:

- No vulnerability checks are performed.

- We'll perform information gathered checks (QIDs) and report the findings in your scan results if included in your scan settings. (These QIDs must be selected in the detection scope of your option profile.)

- We'll perform these checks and report the findings in your scan results if included in your scan settings. (These checks must be selected in the detection scope of your option profile.)

View the discovery scan report when your scan is finished. Go to Scans > Scan List, select your scan and choose View Report from the Quick Actions menu. Scroll down to Results, then Information Gathered and drill down to see detection details. Be sure to check out these QIDs (Qualys IDs): 150009 Links Crawled and 150021 Scan Diagnostics.

3) Launch a vulnerability scan

We'll perform vulnerability assessment of your web application. Just go to Scans > Scan List and select New Scan > Vulnerability Scan. You can launch a scan now or schedule it for later. Learn more

When your scan is finished, be sure to view the vulnerability scan report. Go to Scans > Scan List, select your scan and choose View Report from the Quick Actions menu. Scroll down to Results, and drill down to the detection details under Vulnerabilities, Information Gathered and Sensitive Contents (if any).

4) Check out your dashboard

Your dashboard shows the current security status of your web applications based on the latest scan results. Learn more

5) Create reports

There are several reports available. Just go to Reports, select New Report and select a report type - Web Application Report, Scan Report, Scorecard Report, Catalog Report. We support templates for report customization. Learn more

Want to know more?

Did you know? You can change the first page that appears when you access this module. Just choose Home Page under your user name (in the top right corner).