Adding a new Web Application to scan in Qualys Total AppSec App

This page demonstrates the necessary steps to create a Web Application in Qualys TotalAppSec Application, making it available for discovery and vulnerability scanning. 

Prerequisites:
    1. Qualys subscription with a Qualys WAS or Qualys TotalAppSec licence
    2. Privileges to create new Web Applications, typically the WAS Manager role
    3. Basic information about the web application to be added:
        a. FQDN, protocol and port to access it: e.g. https://testapp.domain.com scans on port 443/tcp and enforces the HTTPS protocol, while http://testapp.domain.com:8080 uses the unencrypted HTTP protocol and accesses the application on port 8080/tcp
        b. Is the app accessible from the Qualys Cloud scanners or only from within the internal network?
        c. Is any authentication required to log in to the web application for meaningful discovery and scanning?
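
The basic information from the prerequisites can be gathered with a short script before opening the form. This is an added example, not part of the original page or of any Qualys tooling; the names `describe_target` and `dns_lookup`, the list of internal address ranges and the sample DNS answers are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
# Ranges treated as "internal network only" (RFC 1918, loopback, link-local,
# IPv6 unique-local). Assumption: adjust to your own addressing plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]


def dns_lookup(host):
    """Resolve host with the local resolver; an empty list means no answer."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def describe_target(url, resolver=dns_lookup):
    """Collect FQDN, protocol, port and an internal-only hint for one URL."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"expected http(s)://host[:port], got {url!r}")
    port = parts.port or DEFAULT_PORTS[scheme]  # an explicit port wins
    addrs = [ipaddress.ip_address(a) for a in resolver(parts.hostname)]
    internal = [a for a in addrs if any(a in net for net in INTERNAL_NETS)]
    return {
        "fqdn": parts.hostname,
        "protocol": scheme.upper(),
        "port": f"{port}/tcp",
        "encrypted": scheme == "https",
        "resolved": bool(addrs),
        # True only when every resolved address is internal: such an app
        # cannot be reached by scanners sitting on the internet side.
        "internal_only": bool(addrs) and len(internal) == len(addrs),
    }


if __name__ == "__main__":
    # Constructed sample: the two URLs from the prerequisites with made-up
    # DNS answers from a stub resolver, so the script runs offline.
    samples = [("https://testapp.domain.com", ["203.0.113.10"]),
               ("http://testapp.domain.com:8080", ["10.20.30.40"])]
    for url, ips in samples:
        print(url, describe_target(url, resolver=lambda host: ips))
```

The internal-only flag is a hint based on addressing alone; firewall rules and the authentication question still have to be confirmed with the application owner.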

Steps

In Qualys, go to the WAS or TotalAppSec section and click on the ‘Applications’ module. Then, click ‘New Web App’.

Basic Information

Fill in the application name and the FQDN.

Assign tags to the application. 

Crawl Settings


Choose crawling settings. The defaults are usually fine, unless your application is complex or constrained to a subset of directories.


If you have a Selenium script, you can upload it to help Qualys better understand your app. 


Additional information

You can configure these settings however you like. The scope is best discussed with the web application owner.


Review and save and scan

Finally, you can save the web app or initiate a scan. The Discovery scan doesn’t probe for vulnerabilities.
