View the vulnerabilities blocked by WAF

WAS detections and reports now display vulnerabilities blocked by Qualys WAF for a web application that is a shared asset in WAS and WAF. To get started, enable the ScanTrust option, which allows Qualys scanners to seamlessly scan the web application through the WAF and enhances assessment and reporting. You can easily set this up in WAS or WAF.

Note that the ScanTrust feature should be enabled in your Qualys subscription before you can use it. Once enabled, the ScanTrust option is visible in WAS if the web application is protected by WAF.

Interested in getting ScanTrust enabled for your subscription? Please contact Qualys Support or your Technical Account Manager.

WAS module

ScanTrust option in Scan Settings pane when you create or edit a web application.

WAF module

ScanTrust option in Policies pane when you edit a web application in the WAF module.

Once you allow Qualys scanners to perform these scans, be sure to select the Enable Authentication option when launching your vulnerability scan in WAS.

Enable Authentication option in Scan Settings pane when you launch a new scan.

In WAS detections, use the Protected filter to view the vulnerabilities blocked by Qualys WAF.

Protected filter in filter pane of Detection list tab.

Enable the Protected filter in WAS reports to view the vulnerabilities blocked by Qualys WAF.

Vulnerability filters in Filter pane when you edit a report.