This release of the Qualys Cloud Platform version 2.39 includes updates and new features for Out-of-Band Configuration Assessment (OCA), Vulnerability Management, and Web Application Scanning, highlights as follows.
Out-of-Band Configuration Assessment (OCA)
Updated Description - The description for OCA is changed to 'Extend security and compliance to inaccessible asset' to better reflect the enhanced use cases offer by this application.
Vulnerability Management
Trending uses Include/Exclude Filters in Dashboard - Widget trending now supports the recently introduced Include/Exclude filters, for example, excluding Fixed vulnerabilities in trending widgets.
Web Application Scanning
Enhanced Crawling - A new setting is available in a WAS option profile that can potentially improve scan coverage. With enhanced crawling enabled, the scanner will load and render individual directories associated with the web application. This can lead to discovery of additional content to be scanned.
Full HTTP Requests - WAS now provides the full HTTP request made by the scanner for vulnerabilities such as XSS and SQL injection. This improvement was done to help with reproduction and remediation of scan findings.
Default Report Template - When creating a report, the default report template for the report type is now used. For example, when selecting 'View Report' from the quick actions menu for a scan, the default template for a scan report will be used. When selecting 'View Report' for a web application, the default template for a web application report will be used.
API updates are also included with this release:
Qualys Cloud Platform 2.39 API Notification 1
The specific day for deployment will differ depending on the platform. Release Dates will be published on the Qualys Status page when available.
For more details about the above features - please review the release notes. Release notes will be posted as soon as they are available on the Qualys Suite Release Notes page.
Related
Attachments
Original document
Permalink
Disclaimer
Qualys Inc. published this content on 24 June 2019 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 25 June 2019 01:02:06 UTC
Qualys, Inc. is a provider of a cloud-based platform delivering information technology (IT), security and compliance solutions. The Companyâs integrated suite of IT, security and compliance solutions delivered on Qualys' Enterprise TruRisk Platform enables its customers to identify and manage their IT and operational technology (OT) assets, collect, and analyze large amounts of IT security data, recommend, and implement remediation actions and verify the implementation of such actions. It provides its solutions through a software-as-a-service model, primarily with renewable annual subscriptions. Its cloud platform offers an integrated suite of solutions that automates the lifecycle of asset discovery and management, security and compliance assessments, and remediation for an organizationâs IT infrastructure and assets, whether such infrastructure and assets reside inside the organization, on their network perimeter, on endpoints or in the cloud.