QualysGuard(R) WAS API User Guide
Contents
1. <HEADERS>
     <HEADER KEY="Referer"><![CDATA[T http localhost 00]]></HEADER>
     <HEADER KEY="Cookie"><![CDATA[cookie3=cookiethree; cookie2=cookietwo; cookie1=cookieone; PHPSESSID=346e3909391063e3449e203efaefa224]]></HEADER>
   </HEADERS>
   </REQUEST>
   <RESPONSE>
     <CONTENTS base64="true"><![CDATA[PEhUTUw CiAgPEhFQUQ CiAgPC9IRUFEPgogIDxCTORZPgogIDwvQk 9EWT4KPC9IVEIMPg]]></CONTENTS>
   </RESPONSE>
   </PAYLOAD>
   </PAYLOADS>
   </SENSITIVE_CONTENT>
   </APPENDIX>

   [p. 271 | Chapter 10 Progressive Scanning: Scan Report]

   (Scan Report sample, two-column layout garbled in source; recoverable elements: SCAN_LIST, SCAN, ID, TYPE, MODE, PROFILE, SCANNER, WEB_APPLICATION, AUTHENTICATION, REFERENCE was/1412697001370.1789435)
2.       <ScorecardReportGraph>VULNERABILITIES_BY_WASC</ScorecardReportGraph>
         </graphs>
         <groups>
           <ScorecardReportGroup>GROUP</ScorecardReportGroup>
           <ScorecardReportGroup>OWASP</ScorecardReportGroup>
           <ScorecardReportGroup>WASC</ScorecardReportGroup>
         </groups>
         <options>
           <rawLevels>false</rawLevels>
         </options>
       </display>
       <filters>
         <searchlists>
           <SearchList><id>43147</id></SearchList>
           <SearchList><id>43147</id></SearchList>
         </searchlists>
         <scanDate>
           <startDate>2012-08-28</startDate>
           <endDate>2012-10-28</endDate>
         </scanDate>
         <scanStatus>NO_HOST_ALIVE</scanStatus>
         <scanAuthStatus>NONE</scanAuthStatus>
       </filters>
     </scorecardReport>
   </config>
   </Report>
   </data>
   </ServiceRequest>

   [p. 204 | Chapter 7 Report Creation API: Scorecard Report]

   Response
   <?xml version="1.0" encoding="UTF-8"?>
   <ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd">
     <responseCode>SUCCESS</responseCode>
     <count>1</count>
     <data>
       <Report>
         <id>4629</id>
         <Repor
3. xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
     <responseCode>SUCCESS</responseCode>
     <count>1</count>
     <hasMoreRecords>false</hasMoreRecords>
     <data>
       <WasScanSchedule>
         <id>171425669</id>
         <name><![CDATA[Web Application Vulnerability Scan 2014-Aug-19]]></name>
         <owner>
           <id>8792415669</id>
         </owner>
         <active>false</active>

   [p. 132 | Chapter 5 Schedule API: Search schedules]

         <type>VULNERABILITY</type>
         <target>
           <webApp>
             <id>1296335669</id>
             <name><![CDATA[My Web Application]]></name>
             <url><![CDATA[http://10.10.1.100]]></url>
           </webApp>
           <webAppAuthRecord>
             <id>175535669</id>
             <name><![CDATA[AR1]]></name>
           </webAppAuthRecord>
           <scannerAppliance>
             <type>EXTERNAL</type>
           </scannerAppliance>
         </target>
         <profile>
           <id>716315669</id>
           <name><![CDATA[Copy of Initial WAS Options]]></name>
         </profile>
         <scheduling>
           <startDate>2014-08-19T12:30:00Z</startDate>
           <timeZone>
             <code>America/Dawson</code>
             <offse
           </timeZo
         <
4. [p. 122 | Chapter 4 Scan API: Reference: WasScan]

   Element (data type) and description

   summary: The scan summary. <crawlTime> is the length of time used to crawl the web application, <testDuration> is the length of time used to perform analysis, <nbRequests> is the number of requests sent during the scan, and <authStatus> is the authentication status: NONE, NOT_USED, SUCCESSFUL, FAILED or PARTIAL.

   Example:
   <summary>
     <crawlTime>22.0</crawlTime>
     <testDuration>112.0</testDuration>
     <linksCrawled>17</linksCrawled>
     <nbRequests>3814</nbRequests>
     <os>Windows XP SP2</os>
     <resultsStatus>RESULTS_PROCESSED_SUCCESSFULLY</resultsStatus>
     <authStatus>NO_AUTH</authStatus>
   </summary>

   vulns: The list of detected vulnerabilities. Each <WasScanVuln> element identifies a particular vulnerability (QID) and the URI where detected, each <WasScanVulnInstance> element identifies a vulnerability instance, and each <WasScanVulnInstancePayload> element identifies associated payloads.

   igs: The detected information gathered. Each <WasScanIg> element identifies a particular information gathered (QID).

   sensitiveContents: The detected sensitive content. Each <WasScanSensitiveContent> element identifies a particular sensitive content (QID) and the URI where detected, each
5. Note: file.xml contains the request POST data.

   Request POST Data
   <ServiceRequest>
     <data>
       <OptionProfile>
         <name><![CDATA[My Option Profile All Fields]]></name>
         <formSubmission>BOTH</formSubmission>
         <maxCrawlRequests>200</maxCrawlRequests>
         <performance>LOW</performance>
         <bruteforceOption>USER_DEFINED</bruteforceOption>
         <parameterSet>
           <id>15669</id>
         </parameterSet>
         <isDefault>true</isDefault>
         <ignoreBinaryFiles>true</ignoreBinaryFiles>
         <userAgent><![CDATA[Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36]]></userAgent>

   [p. 225 | Chapter 8 Option Profile API: Create a new option profile]

         <tags>
           <set>
             <Tag><id>75521225669</id></Tag>
           </set>
         </tags>
         <sensitiveContent>
           <customContents>zip code</customContents>
         </sensitiveContent>
         <comments>
           <set>
             <Comment>
               <contents><![CDATA[Some Comment]]></contents>
             </Comment>
           </set>
         </comments>
         <bruteforceList>
           <id>74005669</id>
         </bruteforceList>
         <detection>
           <includedSearchLists>
             <set>
               <SearchList><id>3496185669</id></SearchList>
               <
6. [p. 106 | Chapter 4 Scan API: Launch a new scan]

   Response
   <?xml version="1.0" encoding="UTF-8"?>
   <ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
     <responseCode>SUCCESS</responseCode>
     <count>1</count>
     <data>
       <WasScan>
         <id>16954</id>
       </WasScan>
     </data>
   </ServiceResponse>

   Example 2: Launch a new scan (use proxy)
   Launch a new vulnerability scan using proxy ID 12345.

   Request
   curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/launch/was/wasscan" < file.xml

   Note: file.xml contains the request POST data.

   Request POST Data
   <ServiceRequest>
     <data>
       <WasScan>
         <name>New WAS Vulnerability Scan launched from API</name>
         <type>VULNERABILITY</type>
         <target>
           <webApp>
             <id>323126</id>
           </webApp>
           <scannerAppliance>
             <type>Internal</type>
             <friendlyName>dp_scanner</friendlyName>
           </scannerAppliance>
           <proxy>
             <id>12345</id>
           </proxy>

   [Chapter 4 Scan API: Launch a new scan]

         </target>
         <profile>
           <id>1021</id>
         </profile>
       </WasScan>
     </d
7. curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/get/was/wasscanschedule/1747"

   Response
   <?xml version="1.0" encoding="UTF-8"?>
   <ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
     <responseCode>SUCCESS</responseCode>
     <count>1</count>
     <data>
       <WasScanSchedule>
         <id>1747</id>
         <name><![CDATA[WEEKLY Weekly Vulnerability Scan Schedule]]></name>
         <owner>

   [p. 137 | Chapter 5 Schedule API: Get schedule details]

           <id>123056</id>
           <username>username</username>
           <firstName><![CDATA[John]]></firstName>
           <lastName><![CDATA[Smith]]></lastName>
         </owner>
         <active>false</active>
         <type>VULNERABILITY</type>
         <target>
           <webApp>
             <id>324265</id>
             <name><![CDATA[Merchant Site]]></name>
             <url><![CDATA[http://10.10.25.116:80/merchant/2.2]]></url>
           </webApp>
           <scannerAppliance>
             <type>INTERNAL</type>
             <friendlyName><![CDATA[is_quays_js]]></friendlyName>
           </scannerAppliance>
         </target>
         <profile>
           <id>1072</id>
           <name><![CDATA[Initial
8.       <createdBy>
           <id>45941</id>
           <username>username</username>
           <firstName><![CDATA[John]]></firstName>
           <lastName><![CDATA[Smith]]></lastName>
         </createdBy>
         <updatedDate>2013-10-18T18:18:01Z</updatedDate>
         <updatedBy>
           <id>45941</id>
           <username>username</username>
           <firstName><![CDATA[John]]></firstName>
           <lastName><![CDATA[Smith]]></lastName>
         </updatedBy>
       </WebAppAuthRecord>
     </data>
   </ServiceResponse>

   Example 2: Create custom authentication (POST)

   Request
   curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/webappauthrecord" < file.xml

   Note: file.xml contains the request POST data.

   Request POST Data
   <ServiceRequest>
     <data>
       <WebAppAuthRecord>
         <name><![CDATA[CUSTOM auth]]></name>
         <formRecord>
           <type>CUSTOM</type>
           <sslOnly>true</sslOnly>
           <fields>

   [p. 78 | Chapter 3 Authentication API: Create a new authentication record]

             <set>
               <WebAppAuthFormRecordField>
                 <name>some username</name>
                 <value>Login</value>
                 <secured>false</secured>
               </WebAppAuthFormRecordField>
               <WebAppAuthForm
9. ... IN
   true/false: EQUALS, NOT EQUALS

   Permissions
   User must have the WAS application enabled. User must have API Access permission. Output includes web applications within the user's scope.

   [p. 25 | Chapter 2 Web Application API: Search web applications]

   Examples

   Example 1: Search (no criteria) POST
   Return a list of all the web applications in the user's account.

   Request
   curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" "https://qualysapi.qualys.com/qps/rest/3.0/search/was/webapp" -X "POST"

   Response
   <?xml version="1.0" encoding="UTF-8"?>
   <ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
     <responseCode>SUCCESS</responseCode>
     <count>2</count>
     <hasMoreRecords>false</hasMoreRecords>
     <lastId>323103</lastId>
     <data>
       <WebApp>
         <id>323102</id>
         <name><![CDATA[My Web Application]]></name>
         <url><![CDATA[https://example.com]]></url>
         <owner>
           <id>123068</id>
         </owner>
         <tags>
           <count>3</count>
         </tags>
         <createdDate>2008-11-22T13:48:03Z</createdDate>
         <updatedDate>2011-12-19T13:41:07Z</updatedDate>
       </WebApp>
       <WebApp>
         <id>323103</id>
         <name>l
10. WAS_SCAN_REPORT/RESULTS/SENSITIVE_CONTENT_LIST/SENSITIVE_CONTENT/PAYLOADS/PAYLOAD/RESPONSE/CONTENTS
    WAS_SCAN_REPORT/RESULTS/VULNERABILITY_LIST/VULNERABILITY/PAYLOADS/PAYLOAD/RESPONSE/EVIDENCE
    WAS_SCAN_REPORT/RESULTS/SENSITIVE_CONTENT_LIST/SENSITIVE_CONTENT/PAYLOADS/PAYLOAD/RESPONSE/EVIDENCE

    Information Gathered findings
    WAS_SCAN_REPORT/RESULTS/INFORMATION_GATHERED_LIST/INFORMATION_GATHERED/DATA
11. (webapp_scan.dtd fragment, two-column layout garbled in source; recoverable declarations:)
    <!ELEMENT URI (#PCDATA)>
    <!ELEMENT CONTENT (#PCDATA)>
    <!ELEMENT PARAMS (#PCDATA)>
    <!ELEMENT FINDINGS (FINDING)>
    <!ELEMENT FINDING (PAYLOAD, RESULT)>
    <!ELEMENT PAYLOAD (#PCDATA)>
    <!ELEMENT RESULT (#PCDATA)>
    <!ATTLIST RESULT base64 (true|false) "false">

    [p. 125-126 | Chapter 4 Scan API: Reference: WAS Scan Results (legacy)]

    CHAPTER 5: Schedule API
    The WAS Schedule API provides a suite of API functions for managing web application scan schedules across the enterprise. These operations are available:
    - Current schedule count
    - Search schedules
    - Get schedule details
    - Create a schedule
    - Update a schedule
    - Activate an existing schedule
    - Deactivate an existing schedule
    - Delete one or more existing schedules
    - Download one or more schedules to iCalendar

    Current schedule count
    Returns the total number of schedules in the user's account. Input elements are optional and are used to filter the number of schedules included in the count.

    URL: https://qualysapi.qualys.com/qps/rest/3.0/count/was/wasscanschedule
    Methods al
12.   </data>
    </ServiceRequest>

    Response
    <?xml version="1.0" encoding="UTF-8"?>
    <ServiceResponse>
      <count>1</count>
      <data>
        <Report>
          <id>1302</id>
        </Report>
      </data>
      <responseCode>SUCCESS</responseCode>
    </ServiceResponse>

    [p. 182 | Chapter 6 Report API: Update a report]

    Update a report
    Update the tags assigned to a report which is in the user's scope.

    URL: https://qualysapi.qualys.com/qps/rest/3.0/update/was/report/<id>
    Methods allowed: POST

    Input
    The elements id (Integer) and tags (complex element) are required, where id identifies a report and tags identifies tags to be added or removed.
    The element showPatched can be set to filter the report to include or not include findings with virtual patches (applies to Web Application Report and Scan Report). This filter can be set to: SHOW_ONLY (show patched findings only), SHOW_BOTH (show patched and unpatched findings; default), SHOW_NONE (show unpatched findings only).

    Permissions
    User must have the WAS application enabled. User must have API Access permission. User must have Edit Report permission. Report must be within the user's scope.

    Example: Update a report (add a tag)

    Request
    curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qua
13.         </list>
          </resultList>
          <severity>5</severity>
          <url><![CDATA[http://10.10.26.238/accountcorp/%3Cscript%20src%3Dhttp%3A%2F%2Flocalhost%2F4%20]]></url>
          <status>ACTIVE</status>
          <firstDetectedDate>2014-12-01T19:43:09Z</firstDetectedDate>
          <lastDetectedDate>2014-12-05T19:42:38Z</lastDetectedDate>
          <lastTestedDate>2014-12-05T19:42:38Z</lastTestedDate>
          <timesDetected>5</timesDetected>
          <webApp>
            <id>1930868</id>
            <name><![CDATA[10.10.26.238:443 subuser form sitemap]]></name>
            <url><![CDATA[https://10.10.26.238:443]]></url>
          </webApp>
          <isIgnored>false</isIgnored>
          <externalRef><![CDATA[aaaaabbbbbccccc]]></externalRef>
        </Finding>
      </data>
    </ServiceResponse>

    [p. 248 | Chapter 9 Finding API: Get details of a finding]

    Get details of a finding
    View details for a finding on a web application which is in the user's scope. See Search findings to find a record ID to use as input.

    URL: https://qualysapi.qualys.com/qps/rest/3.0/get/was/finding/<id>
    Methods allowed: GET

    Input
    The element id (Integer) is required, where id identifies a finding (WebAppVuln, WebAppIg or WebAppSensitiveContent).

    Permissions
    The WAS application must be enabled in the user's accou
14. ... <instances> element identifies a sensitive content instance, and each <WasScanSensitiveContentInstancePayload> element identifies associated payloads.

    stats: The statistics gathered by the scan: the total number of vulnerabilities, the number of vulnerabilities by severity level, information gathered by severity level, and the number of vulnerabilities by group (OWASP and WASC).

    [p. 123-124 | Chapter 4 Scan API: Reference: WAS Scan Results (legacy)]

    Reference: WAS Scan Results (legacy)
    You have the option to retrieve web application scan results in legacy format (WAS v2 and earlier) using the webapp_scan.dtd (see Retrieve the results of a scan). You can download this DTD by going to https://qualysapi.qualys.com/webapp_scan.dtd, where qualysapi is the API server URL where your account is located.

    <?xml version="1.0" encoding="UTF-8"?>
    <!-- QUALYS WEB APPLICATION SCAN DTD -->
    <!ELEMENT ERROR (#PCDATA)>
    <!ATTLIST ERROR number CDATA #IMPLIED>
    <!ELEMENT NAME (#PCDATA)>
    (remaining declarations garbled in source; element names visible: WEB_APPLICATION_SCAN, HEADER, SUMMARY, RESULTS, USER_INFO, GENERATION_DATETIME, COMPANY_INFO, GENE...)
15.               <link><![CDATA[http://10.10.26.238/accountcorp/%3Cscript%20srce%3Dhttp%3A%2F%2Flocalhost%2F4%20]]></link>

    [p. 252 | Chapter 9 Finding API: Get details of a finding]

                  <headers><![CDATA[UmVmZXJ1lcjogaHROcHM6Ly8xMC4xMC4yNi4yMzgvDOpDb2 9r aWU6IGNvb2tpZTM9Y29va2lld6hyZWU7IGNvb2tpZTI9Y29va2lldHdvoyBjb29raw UxPWNvb2tpZW9UZTSGgUEhQUOVTUOLEPTJJYTMxOTKSY2VLYTBmMZIZNDRhMZgyNZEZ MWJmYTAxOwOK]]></headers>
                </request>
                <response><![CDATA[HTTP/1.1 <![CDATA[TEST2]]> 200 OK]]></response>
                <payloadResponce>
                  <offset>232</offset>
                  <length>36</length>
                </payloadResponce>
              </PayloadInstance>
            </list>
          </payloads>
        </Result>
      </list>
    </resultList>
    <severity>5</severity>
    <url><![CDATA[http://10.10.26.238/accountcorp/%3Cscript%20src%3Dhttp%3A%2F%2Flocalhost%2F4%20]]></url>
    <status>ACTIVE</status>
    <firstDetectedDate>2014-12-01T19:43:09Z</firstDetectedDate>
    <lastDetectedDate>2014-12-05T19:42:38Z</lastDetectedDate>
    <lastTestedDate>2014-12-05T19:42:38Z</lastTestedDate>
    <timesDetected>5</timesDetected>
    <webApp>
      <id>1930868</id>
      <name><![CDATA[10
16.       <type>STANDARD</type>

    [p. 75 | Chapter 3 Authentication API: Create a new authentication record]

          <sslOnly>true</sslOnly>
          <fields>
            <set>
              <WebAppAuthFormRecordField>
                <name>username</name>
                <value>Login</value>
              </WebAppAuthFormRecordField>
              <WebAppAuthFormRecordField>
                <name>password</name>
                <value>Login with password</value>
              </WebAppAuthFormRecordField>
            </set>
          </fields>
        </formRecord>
        <tags>
          <set>
            <Tag><id>152743</id></Tag>
          </set>
        </tags>
        <comments>
          <set>
            <Comment>
              <contents><![CDATA[some comments]]></contents>
            </Comment>
          </set>
        </comments>
      </WebAppAuthRecord>
    </data>
    </ServiceRequest>

    Response
    <?xml version="1.0" encoding="UTF-8"?>
    <ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webappauthrecord.xsd">
      <responseCode>SUCCESS</responseCode>
      <count>1</count>
      <data>
        <WebAppAuthRecord>

    [p. 76 | Chapter 3 Authentication API: Create a new authentication record]

          <id>80149</id>
          <name><![CDATA[STANDARD auth]]></name>
          <
17. ... version="1.0" encoding="UTF-8"?>
    <ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
      <responseCode>SUCCESS</responseCode>
      <count>30</count>
    </ServiceResponse>

    [p. 215 | Chapter 8 Option Profile API: Current option profile count]

    Example 2: Count (criteria) POST

    Request
    curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/count/was/optionprofile" < file.xml

    Note: file.xml contains the request POST data.

    Request POST Data
    <ServiceRequest>
      <filters>
        <Criteria field="id" operator="IN">832265669,832295669,832285669</Criteria>
        <Criteria field="name" operator="CONTAINS">OP</Criteria>
        <Criteria field="tags" operator="NONE"></Criteria>
        <Criteria field="createdDate" operator="LESSER">2014-09-09</Criteria>
        <Criteria field="updatedDate" operator="LESSER">2014-09-09</Criteria>
      </filters>
    </ServiceRequest>

    Response
    <?xml version="1.0" encoding="UTF-8"?>
    <ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.co
18. ... <![CDATA[Cross Site Scripting]]></name>
            <url><![CDATA[http://projects.webappsec.org/w/page/13246920/WASC]]></url>
            <code>8</code>
          </WASC>
        </list>
      </wasc>
      <param><![CDATA[accountcorp]]></param>
      <resultList>
        <count>1</count>
        <list>
          <Result>
            <authentication>false</authentication>
            <accessPath>
              <count>1</count>
              <list>
                <Url><![CDATA[https://10.10.26.238]]></Url>
              </list>
            </accessPath>

    [p. 250 | Chapter 9 Finding API: Get details of a finding]

            <payloads>
              <count>5</count>
              <list>
                <PayloadInstance>
                  <payload><![CDATA[PATH/FILE test2<![CDATA[TEST]]>]]></payload>
                  <request>
                    <method><![CDATA[GET]]></method>
                    <link><![CDATA[http://10.10.26.238/accountcorp/%3Cscript%20srce%3Dhttp%3A%2F%2Flocalhost%2F4%20]]></link>
                    <headers><![CDATA[UmVmZXJlcjogaHROcHM6Ly8xMC4xMC4yNi4yMzgvDOpDb2 9r aWU6IGNvb2tpZTM9Y29va2lldGhyZWU7IGNvb2tpZTI9Y29va2lldHdvoyBjb29raw UxPWNvb2tpZwW9uZTsgUEhQUOVTUOLEPWO3YTBLYWI5SNZNhOTIyNWE2NJkZOD1JMj1Ih ZWVhYTR1OwOK]]></headers>
                  </request>
                  <response><![CDATA[HTTP/1.1 <![CDATA[TEST2]]> 200 OK]]></response>
                  <pay
19. CHAPTER 1: Welcome
    Welcome to Qualys Web Application Scanning API. Several functional suites are available to support WAS scanning and reporting.

    Get Started
    Introduction to the WAS API Paradigm: Review important information about the WAS API framework.
    Base URL to the Qualys API Server: Learn the basics about making API requests. The base URL depends on the platform where your Qualys account is located. We'll tell you about the method used for authentication: API requests must authenticate using Qualys credentials.
    How to Download Vulnerability Details: We'll walk you through the steps using the KnowledgeBase API. You can download vulnerability descriptions and recommended fixes.
    Get API Notifications: We recommend you join our Community and subscribe to our API notifications so you'll get email notifications telling you about important upcoming API enhancements and changes. From our Community: Join our Community, Subscribe to API Notifications, select "Receive email notifications".

    [Chapter 1 Welcome: Introduction to the WAS API Paradigm]

    Introduction to the WAS API Paradigm
    The new Qualys WAS API framework introduces numerous innovations and new functionality compared to the other Qualys API frameworks.

    Request URL
    The URL for making API requests respects the following structure:
    https://<baseurl>/qps/rest/3.0/<operation>/<module>/<object>/<object_id>
    where the components ar
20. Example 2: Search (criteria) POST

    Request
    curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/search/was/finding" < file.xml

    Note: file.xml contains the request POST data.

    [p. 243 | Chapter 9 Finding API: Search findings]

    Request POST Data
    <ServiceRequest>
      <preferences>
        <limitResults>1000</limitResults>
        <verbose>true</verbose>
      </preferences>
      <filters>
        <Criteria field="id" operator="EQUALS">1137289</Criteria>
      </filters>
    </ServiceRequest>

    Response
    <?xml version="1.0" encoding="UTF-8"?>
    <ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">
      <responseCode>SUCCESS</responseCode>
      <count>1</count>
      <hasMoreRecords>false</hasMoreRecords>
      <data>
        <Finding>
          <id>1137289</id>
          <qid>150013</qid>
          <name><![CDATA[Browser Specific Cross Site Scripting Vulnerabilities]]></name>
          <type>VULNERABILITY</type>
          <group>XSS</group>
          <cwe>
            <count>1</count>
            <list>
              <long>79</long>
            </list>
          </cwe>
          <owasp>
            <count>1</count>
            <list
21. ... Only regular expressions are accepted for this element. You must provide regular expressions for the element postDataBlackList.

    tags: Element <element> must not be set. The tags element does not apply for this request.
    tags.set: Element must contain at least one child. At least one sub-element must be provided for the element tag.set.
    Tag.id: Element is required. Provide a value for the element Tag.id.
    Tag.id: Invalid value <value>. Value must be an integer set at least to 1.
    Tag: Tag specified by ID <id> does not exist or is not available. Provide a value for the element id that corresponds to a valid tag.

    [p. 275-276 | Appendix A Error Messages: Sample Messages]

    Criteria
    Sample messages for errors related to criteria are shown below.

    Error | Message | Resolution
    Element Validation | Criteria: Field is required | Specify the name of the criteria to search against.
    Element Validation | Criteria: Invalid criteria <field name> | Please search against one of the following criteria: %s
    Element Validation | Criteria: Invalid operator for criteria <field>: <operator> | Allowed operations for this criteria are: %s
    Element Validation | Criteria: Value is required for criteria <field> | Specify a value for a field name for search criteria.
    Element Validation | Criteria: Invalid value format for criteria <field>: <value> | Boolean: true/false; Date: an
22. Request POST data
    <ServiceRequest>
      <filters>
        <Criteria field="name" operator="CONTAINS">Merchant</Criteria>
        <Criteria field="id" operator="GREATER">323000</Criteria>
      </filters>
    </ServiceRequest>

    Response
    <?xml version="1.0" encoding="UTF-8"?>
    <ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
      <responseCode>SUCCESS</responseCode>

    [Chapter 2 Web Application API: Delete web applications]

      <count>3</count>
      <data>
        <WebApp><id>323126</id></WebApp>
        <WebApp><id>324256</id></WebApp>
        <WebApp><id>323476</id></WebApp>
      </data>
    </ServiceResponse>

    [p. 55 | Chapter 2 Web Application API: Purge web applications]

    Purge web applications
    Purges a web application which is in the user's scope. All dates must be entered in UTC date/time format.

    URL: https://qualysapi.qualys.com/qps/rest/3.0/purge/was/webapp
    or https://qualysapi.qualys.com/qps/rest/3.0/purge/was/webapp/<filters>
    Methods allowed: POST

    Input
    The id (Integer) element is required, where id identifies a web application. Additional elements are optional
23. See Reference: WebApp for descriptions of all <WebApp> elements.
    id (Integer), createdDate (Date), name (Text), updatedDate (Date), url (Text), isScheduled (Boolean), tags.name (Text), isScanned (Boolean), tags.id (Integer), lastScan.status (Keyword: SUBMITTED, RUNNING, FINISHED, ERROR or CANCELLED), lastScan.date (Date)

    Permissions
    User must have the WAS application enabled. User must have API Access permission. User must have Purge Web Asset permission. Web application must be within the user's scope.

    [p. 56 | Chapter 2 Web Application API: Purge web applications]

    Examples

    Example 1: Purge (single) POST
    Purge the web application that has the ID 32420.

    Request
    curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" "https://qualysapi.qualys.com/qps/rest/3.0/purge/was/webapp/32420"

    Response
    <?xml version="1.0" encoding="UTF-8"?>
    <ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
      <responseCode>SUCCESS</responseCode>
      <count>1</count>
      <data>
        <WebApp>
          <id>32420</id>
        </WebApp>
      </data>
    </ServiceResponse>

    Example 2: Purge (bulk) POST
    Purge web applications in the user's account that have a name with the word "Mer
24. ... (Text), lastTestedDate (Date), severity (Integer), timesDetected (Integer), externalRef (String). Tip: use operator IS EMPTY for findings with empty external references.

    [p. 241 | Chapter 9 Finding API: Search findings]

    Allowed Operators
    Integer: EQUALS, NOT EQUALS, GREATER, LESSER, IN
    Text: CONTAINS, EQUALS, NOT EQUALS, IS EMPTY (use with externalRef only)
    Date: EQUALS, NOT EQUALS, GREATER, LESSER
    Keyword: EQUALS, NOT EQUALS, IN

    Permissions
    The WAS application must be enabled in the user's account. User must have API Access permission. Output contains findings on web applications within the user's scope.

    Examples

    Example 1: Search (no criteria) POST
    Return a list of all findings in the user's scope.

    Request
    curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" "https://qualysapi.qualys.com/qps/rest/3.0/search/was/finding"

    Response
    <?xml version="1.0" encoding="UTF-8"?>
    <ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">
      <responseCode>SUCCESS</responseCode>
      <count>100</count>
      <hasMoreRecords>true</hasMoreRecords>
      <lastId>39271</lastId>
      <data>
        <Finding>
          <id>5665</id>
          <qid>150016</qid>
          <name><![CDATA[Sensitive Con
25.         </UrlEntry>
          </set>
        </postDataBlacklist>
        <useRobots>ADD_PATHS</useRobots>
        <useSitemap>true</useSitemap>
        <headers>
          <set>
            <WebAppHeader>X-HTTP-REQUESTED-BY: Qualys Test</WebAppHeader>
          </set>
        </headers>
      </WebApp>
    </data>
    </ServiceRequest>

    Response
    <?xml version="1.0" encoding="UTF-8"?>
    <ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
      <responseCode>SUCCESS</responseCode>
      <count>1</count>
      <data>
        <WebApp>
          <id>324377</id>
        </WebApp>
      </data>
    </ServiceResponse>

    [p. 51 | Chapter 2 Web Application API: Update a web application]

    Example 3: Update (set default cancel time) POST
    Set the default cancel scan option for web application ID 2392272. Scans of this web application will be set to cancel at 10pm by default.

    Request
    curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/update/was/webapp/2392272" < file.xml

    Note: file.xml contains the request POST data.

    Request POST data (file.xml)
    <ServiceRequest>
      <data>
        <WebApp>
          <name
26. ... Web Vulnerability Scan 2011-02-23]]></name>
          <reference>was/1298475533625.20931</reference>
          <type>VULNERABILITY</type>
          <mode>ONDEMAND</mode>

    [p. 97 | Chapter 4 Scan API: Search scans]

          <profile>
            <id>1072</id>
            <name><![CDATA[Initial WAS Options]]></name>
          </profile>
          <launchedDate>2011-02-23T16:38:53Z</launchedDate>
          <launchedBy>
            <id>123056</id>
            <username>username</username>
            <firstName><![CDATA[John]]></firstName>
            <lastName><![CDATA[Smith]]></lastName>
          </launchedBy>
          <status>FINISHED</status>
        </WasScan>
        <WasScan>
          <id>13116</id>
          <name><![CDATA[Relaunch Vulnerability Scan 2011-02-23]]></name>
          <reference>was/1298558684177.21009</reference>
          <type>VULNERABILITY</type>
          <mode>ONDEMAND</mode>
          <profile>
            <id>1072</id>
            <name><![CDATA[Initial WAS Options]]></name>
          </profile>
          <launchedDate>2011-02-24T15:44:44Z</launchedDate>
          <launchedBy>
            <id>123056</id>
            <username>username</username>
            <firstName><![CDATA[John]]></firstName>
            <lastName><![CDATA[Smith]]></lastName>
          </launchedBy>
          <status>FINISH
27. ... --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/cancel/was/wasscan/168"

    Response
    <?xml version="1.0" encoding="UTF-8"?>
    <ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
      <responseCode>SUCCESS</responseCode>
      <count>1</count>
      <data>
        <WasScan>
          <id>168</id>
        </WasScan>
      </data>
    </ServiceResponse>

    [p. 117 | Chapter 4 Scan API: Delete an existing scan]

    Delete an existing scan
    Delete an existing scan on a web application which is in the user's scope. You can delete any scan in your account that is not running.

    URL: https://qualysapi.qualys.com/qps/rest/3.0/delete/was/wasscan/<id>
    or https://qualysapi.qualys.com/qps/rest/3.0/delete/was/wasscan
    Methods allowed: POST

    Input
    Allowed input elements are listed below. The associated data type for each element appears in parentheses. These elements are optional and act as filters. When multiple elements are specified, parameters are combined using a logical AND. All dates must be entered in UTC date/time format. See Reference: WasScan for descriptions of these <WasScan> elements.
    id (Integer), type (Keyword: DISCOVERY or VULNERABILITY), name (Text), mode (Keyword: MANUAL, SCHEDULED or API), webApp.name (Text), s
28. </id>
    </Report>
  </data>

Example 2: Delete reports (criteria) (POST)
Delete reports matching one or both of these criteria: 1) reports with names that contain the string "to be deleted", and 2) reports that are completed (having the status COMPLETED).

Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/delete/was/report" < file.xml
Note: file.xml contains the request POST data.

Request POST data:
<ServiceRequest>
  <filters>
    <Criteria field="name" operator="CONTAINS">to be deleted</Criteria>
    <Criteria field="status" operator="EQUALS">COMPLETED</Criteria>
  </filters>
</ServiceRequest>

Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <Report>
      <id>1542</id>
    </Report>
  </data>
</ServiceResponse>

Reference: Report
29. </id>
        <username>username</username>
        <firstName><![CDATA[John]]></firstName>
        <lastName><![CDATA[Smith]]></lastName>
      </createdBy>
      <createdDate>2013-10-18T18:26:40Z</createdDate>
      <updatedBy>
        <id>45941</id>
        <username>username</username>
        <firstName><![CDATA[John]]></firstName>
        <lastName><![CDATA[Smith]]></lastName>
      </updatedBy>
      <updatedDate>2013-10-18T18:26:40Z</updatedDate>
    </WebApp>
  </data>
</ServiceResponse>

Example 2: Create with 1 authentication record (POST)
Create a new web application called "My Web Application" that has the starting URL http://mywebapp.com and has 1 authentication record.

Request:
curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/webapp" < file.xml
Note: file.xml contains the request POST data.

Request POST data:
<ServiceRequest>
  <data>
    <WebApp>
      <name><![CDATA[My Web Application]]></name>
      <url><![CDATA[http://mywebapp.com]]></url>
      <authRecords>
        <set>
          <WebAppAuthRecord>
            <id>77350</id>
          </WebAppAuth
30. </set>
        </includedSearchLists>
        <excludedSearchLists>
          <set>
            <SearchList><id>3496175669</id></SearchList>
            <SearchList><id>3496165669</id></SearchList>
          </set>
        </excludedSearchLists>
      </detection>
    </OptionProfile>
  </data>
</ServiceRequest>

Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <OptionProfile>
      <id>832275669</id>
      <name><![CDATA[My Option Profile All Fields]]></name>
      <owner>
        <id>8792415669</id>
        <username>acme_cg</username>
        <firstName><![CDATA[Cindy]]></firstName>
        <lastName><![CDATA[Green]]></lastName>
      </owner>
      <isDefault>true</isDefault>
      <tags>
        <count>1</count>
        <list>
          <Tag>
            <id>75521225669</id>
            <name><![CDATA[Business Units]]></name>
          </Tag>
        </list>
      </tags>
      <formSubmission>BOTH</formSubmission>
      <maxCrawlRequests>200
31. (with operator NONE); name (Text); webApp.tags.id (Integer); owner.id; updatedDate (Date); createdDate (Date); invalid (Boolean); active (Boolean); lastScan (with operator NONE); type (Keyword: DISCOVERY or VULNERABILITY); lastScan.launchedDate (Date); webApp.name (Text); lastScan.status (Keyword: SUBMITTED, RUNNING, FINISHED, ERROR, CANCELLED); webApp.id (Integer)

Allowed operators: Integer: EQUALS, NOT EQUALS, GREATER, LESSER, IN. Text: CONTAINS, EQUALS, NOT EQUALS. Date: EQUALS, NOT EQUALS, GREATER, LESSER. Keyword: EQUALS, NOT EQUALS, IN. Boolean (true/false): EQUALS, NOT EQUALS.

Permissions: User must have the WAS application enabled. User must have API Access permission. Scan target must be within the user's scope.

Examples
Example 1: List schedules never launched (criteria) (GET)
Request:
curl -u "USERNAME:PASSWD" "https://qualysapi.qualys.com/qps/rest/3.0/search/was/wasscanschedule" < file.xml
Note: file.xml contains the request POST data.

Request POST data:
<ServiceRequest>
  <filters>
    <Criteria field="lastScan" operator="NONE"></Criteria>
  </filters>
</ServiceRequest>

Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
32. www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <Report>
      <id>3629</id>
    </Report>
  </data>
</ServiceResponse>

Scorecard Report
A Scorecard Report ranks the vulnerability of your web applications.
Input for this report: Allowed input elements are listed below. See Reference: Report Creation for descriptions of these elements.
target.tags (Tag); filters.searchlists (SearchList); filters.scanDate (DatetimeRange); filters.scanStatus (WasScanConsolidatedStatus); filters.scanAuthStatus (WasScanAuthStatus); display.contents (ScorecardReportContent); display.graphs (ScorecardReportGraph); display.groups (ScorecardReportGroup); display.options.rawLevels

Allowed operators: Integer: EQUALS, NOT EQUALS, GREATER, LESSER, IN. Text: CONTAINS, EQUALS, NOT EQUALS. Date: EQUALS, NOT EQUALS, GREATER, LESSER. Keyword: EQUALS, NOT EQUALS, IN.

Example: Create a scorecard report
Create a scorecard report in PD
33. -----BEGIN CERTIFICATE-----
MIIC44jCCAkugAwIBAgIJAPUKw6GX2aMMA0GCSqGSIb3DQEBBQUAMIGJMQswCQYD
VOOGEWJGUjEPMA0GA1UECAwGRnJhbmN1MREwDwYDVQQHDAhUb3Vsb3VzZTEPMAOG
A1UECgwGUXVhbH1zMRUwEWYDVQQLDAxRdWFseXMgVGVjaC4xDTALBgNVBAMMBE5p
Y28xHzAdBgkqhkiG9wO0BCQEWEG5iaXp1QHF1YWx5cy5jb20wHhcNMTExMDA1Mj1Ix
EE
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQC4SiBHaNxQtwQUtot867MxTP1PQAQh7VyHIdBs037eafpd8B6
apHhihOJw0zr2RzcWniUUhhpvwL4apG470RzkIKSNu4h9akHgGA5b0Pe0ZasrE7B
MxUZWNf9dfrYJIXOmdaPce0i4w4zZRPabXDy5Mg9ONEUKS3AONCHk7acwIDAQAB
AoGAMHwAFLFdgLzQXNMPZ6uGv4TaaJkzT2YEzKLIyvY7eDt160GwDSpH3Lqffh
eas
-----END RSA PRIVATE KEY-----]]></contents>
          <passphrase>My Certificate</passphrase>
        </certificate>
      </serverRecord>
      <comments>
        <set>
          <Comment>
            <contents><![CDATA[some comments]]></contents>
          </Comment>
        </set>
      </comments>
    </WebAppAuthRecord>
  </data>
</ServiceRequest>

Update an authentication record
Update an authentication record which is in the user's scope.
URL: https://qualysapi.qualys.com/qps/rest/3.0/update/was/webappauthrecord/<id>
Methods allowed: POST
Input: The element id (Integ
34. 188
Chapter 7 Report Creation API
  Report Creation API  192
  Web Application Report  194
  Scan Report  198
  Scorecard Report  202
  Catalog Report  206
  Reference: Report Creation  209
Chapter 8 Option Profile API
  Current option profile count  214
  Search option profiles  217
  Get details for an option profile  220
  Create a new option profile  223
  Update an option profile  230
  Delete an option profile  234
Chapter 9 Finding API
  Current finding count  238
  Search findings  241
  Get details of a finding  249
  Ignore findings  254
  Activate findings  256
Chapter 10 Progressive Scanning
  Web Application API  260
  Scan API  263
  Schedule API  266
  Scan Report  269
Appendix A Error Messages
Appendix B WAS Findings in XML Reports

Preface
Using the Qualys Web Application Scanning (WAS) API, third parties can integrate the Qualys Security and Compliance solution into their own applications using an extensible X
35. <START_DATE>2014-10-07T17:50:01Z</START_DATE>
    <END_DATE>2014-10-07T18:09:52Z</END_DATE>
    <PROGRESSIVE_SCANNING>false</PROGRESSIVE_SCANNING>
    <AUTHENTICATION_RECORD><![CDATA[AAA 8]]></AUTHENTICATION_RECORD>
    </PROFILE>
    <SCANNER>Scanner 813 1</SCANNER>
    <STATUS>Finished</STATUS>
    <AUTHENTICATION_STATUS>Partial</AUTHENTICATION_STATUS>
  </SCAN>

Appendix A: Error Messages
This appendix describes the types of error messages returned from WAS API requests.
Sample Messages: Elements
Sample Messages: Criteria
Sample Messages: Authorization
Sample Messages: Report Storage Limit

Sample Messages: Elements
Sample messages for element errors are shown below.

Element | Error message | Resolution
url | Invalid URL format: <value> | URL format must be as follows: http://<baseUrl>/rest/3.0/parameters
scope | Invalid value: <value> | Element must be set to one of these values: ALL, LIMIT, SUBDOMAIN or DOMAINS
domains | Element is required when scope is set to DOMAINS | Specify the domains to include in the web application scope in the domains element
subDomain | Element is required when scope is set to SUBDOMAIN | Specify the
36. Get scan details
View details for a scan on a web application which is in the user's scope. Want to find a scan ID to use as input? See Search scans.
URL: https://qualysapi.qualys.com/qps/rest/3.0/get/was/wasscan/<id>
Methods allowed: GET
Input: The element id (Integer) is required, where id identifies a scan.
Permissions: User must have the WAS application enabled. User must have API Access permission. Scan target must be within the user's scope.

Example
Example 1: List scan details (GET)
View details for the scan with the ID 1275177.

Request:
curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/get/was/wasscan/1275177"

Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/scan.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WasScan>
      <id>1275177</id>
      <name><![CDATA[My Vulnerability Scan]]></name>
      <reference>was/1435351699783/1836970</reference>
      <type>VULNERABILITY</type>
      <mode>API</mode>
      <progressiveScanning>true</progressiveScanning>
      <multi
37. Social Security Numbers (US)</name>
            <value><![CDATA[false]]></value>
          </WasScanOption>
          <WasScanOption>
            <name>Sensitive Content: Credit Card Numbers</name>
            <value><![CDATA[false]]></value>
          </WasScanOption>
          <WasScanOption>
            <name>Maximum Crawling Links</name>
            <value><![CDATA[10]]></value>
          </WasScanOption>
          <WasScanOption>
            <name>Bruteforce Settings</name>
            <value><![CDATA[MINIMAL]]></value>
          </WasScanOption>
          <WasScanOption>
            <name>Option Profile Name</name>
            <value><![CDATA[10 links]]></value>
          </WasScanOption>
          <WasScanOption>
            <name>Crawling Form Submissions</name>
            <value><![CDATA[BOTH]]></value>
          </WasScanOption>
          <WasScanOption>
            <name>Request Parameter Set</name>
            <value><![CDATA[Initial Parameters]]></value>
          </WasScanOption>
          <WasScanOption>
            <name>Cancel After N Hours</name>
            <value><![CDATA[2]]></value>
          </WasScanOption>
          <WasScanOption>
            <name>Web Application Name</name>
            <value><![CDATA[My Web App]]></value>
          </WasScanOption>
        </list>
      </options>
      <launchedDate>2015-06-26T20:48:19Z</launchedDate>
38. Update a web application

Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WebApp>
      <id>1234</id>
    </WebApp>
  </data>
</ServiceResponse>

Example 2: Update authentication records (POST)
For the web application with ID 1234, add 1 authentication record and remove 1 authentication record.

Request:
curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/update/was/webapp/1234" < file.xml
Note: file.xml contains the request POST data.

Request POST data (file.xml):
<ServiceRequest>
  <data>
    <WebApp>
      <name><![CDATA[My WebApp Name]]></name>
      <authRecords>
        <add>
          <WebAppAuthRecord>
            <id>77355</id>
          </WebAppAuthRecord>
        </add>
        <remove>
          <WebAppAuthRecord>
            <id>77356</id>
          </WebAppAuthRecord>
        </remove>
      </authRecords>
    </WebApp>
  </data>
</ServiceRequest>

Response:
<?xml version
39. Url><![CDATA[http://corp2.ab.myapp.com:8080]]></Url>
          <Url><![CDATA[http://corp2.ab.myapp.com/startingUri]]></Url>
          <Url><![CDATA[http://corp2.ab.myapp.com/startingUri]]></Url>
          <Url><![CDATA[http://corp2.ab.myapp.com/startingUri?param=true]]></Url>
          <Url><![CDATA[http://corp2.ab.myapp.com:443/startingUri?param=true&amp;param2=false]]></Url>
          <Url><![CDATA[https://corp2.ab.myapp.com:8080/otherUri]]></Url>
          <Url><![CDATA[https://corp2.ab.myapp.com/otherUri?param=1]]></Url>
          <Url><![CDATA[https://corp2.ab.myapp.com/otherUri?param=1]]></Url>
        </set>
      </uris>
      <attributes>
        <set>
          <Attribute>
            <category>Business Function</category>
            <value><![CDATA[some business function]]></value>
          </Attribute>
          <Attribute>
            <category>Business Location</category>
            <value><![CDATA[some business location]]></value>
          </Attribute>
          <Attribute>
            <category>Business Description</category>
            <value><![CDATA[some business description]]></value>
          </Attr
        </set>
      </attributes>
      <tags>
        <set>
          <Tag><id>217118</id>
          <Tag><id>152743</id>
40. code>
          <offset>07:00</offset>
        </timeZone>
        <occurrenceType>ONCE</occurrenceType>
        <cancelAfterNHours>8</cancelAfterNHours>
      </scheduling>
      <notification>
        <active>true</active>
        <reschedule>true</reschedule>
        <delay>
          <nb>1</nb>
          <scale>DAY</scale>
        </delay>
        <message><![CDATA[A QualysGuard scan is scheduled to start soon]]></message>
      </notification>
      <launchedCount>0</launchedCount>
      <createdDate>2014-08-27T22:30:59Z</createdDate>
      <createdBy>
        <id>8792415669</id>
        <username>quays_cp</username>
        <firstName><![CDATA[Customer_2 6_1]]></firstName>
        <lastName><![CDATA[pocm]]></lastName>
      </createdBy>
      <updatedDate>2014-08-27T22:31:00Z</updatedDate>
      <updatedBy>
        <id>8792415669</id>
        <username>acme_abl</username>
        <firstName><![CDATA[John]]></firstName>
        <lastName><![CDATA[Smith]]></lastName>
      </updatedBy>
    </WasScanSchedule>
  </data>
</ServiceResponse>

Example 2: Create a new schedule (cancel scan option) (POST)
Create a new vulnerability scan schedule on web app ID 2376281 and set the cancel sc
41. create a variety of web application reports based on security information collected by the most recent scans of your web applications. See these topics: Report Creation API, Web Application Report, Scan Report, Scorecard Report, Catalog Report.

Report Creation API
Using the Report Creation API you can create these reports: Web Application Report, Scan Report, Scorecard Report and Catalog Report.
URL: https://qualysapi.qualys.com/qps/rest/3.0/create/was/report
Methods allowed: POST
Input: Allowed input elements are listed below. The associated data type for each element appears in parentheses. See Reference: Report Creation for descriptions of these elements.
Required elements: name (Text); type (Keyword: WAS_SCAN_REPORT, WAS_WEBAPP_REPORT, WAS_SCORECARD_REPORT or WAS_CATALOG_REPORT); format (Keyword: HTML_ZIPPED, HTML_BASE64, PDF, PDF_ENCRYPTED, CSV, XML or POWERPOINT); config (1)
Optional elements: tags.id (Integer); tags.name (Text); password (Text); distributionList (1)
(1) The config element must have one and only one of these child elements: webAppReport, scanReport, catalogReport or scorecardReport. These are described in the next sections.
Allowed operators: Integer: EQUALS, NOT EQUALS, GREATER, LESSER, IN. Text: CONTAINS, EQUALS, NOT EQUALS. Date: EQUALS, NOT EQUALS, GREATER, LESSER. Keyword: EQUALS, NO
42. elements are optional and are used to filter the number of scans included in the count.
URL: https://qualysapi.qualys.com/qps/rest/3.0/count/was/wasscan
Methods allowed: GET, POST
Input: Allowed input elements are listed below. The associated data type for each element appears in parentheses. These elements are optional and act as filters. When multiple elements are specified, parameters are combined using a logical AND. All dates must be entered in UTC date/time format. See Reference: WasScan for descriptions of these <WasScan> elements.
id (Integer); launchedDate (Date); name (Text); type (Keyword: DISCOVERY or VULNERABILITY); webApp.name (Text); mode (Keyword: MANUAL, SCHEDULED or API); webApp.id (Integer); status (Keyword: SUBMITTED, RUNNING, FINISHED, ERROR or CANCELED); webApp.tags (with operator NONE); authStatus (Keyword: NONE, NOT_USED, SUCCESSFUL, FAILED or PARTIAL); webApp.tags.id (Integer); resultsStatus (Keyword: NOT_USED, TO_BE_PROCESSED, NO_HOST_ALIVE, NO_WEB_SERVICE, TIME_LIMIT_EXCEEDED, SCAN_RESULTS_INVALID, SUCCESSFUL, PROCESSING); reference (Text)

Allowed operators: Integer: EQUALS, NOT EQUALS, GREATER, LESSER, IN. Text: CONTAINS, EQUALS, NOT EQUALS. Date: EQUALS, NOT EQUALS, GREATER, LESSER. Keyword: EQUALS, NOT EQUALS, IN. Boolean (true/false): EQUALS, NOT EQUALS.

Permissions: User must hav
43. >
            <OWASP>
              <name><![CDATA[Cross Site Scripting (XSS)]]></name>
              <url><![CDATA[https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)]]></url>
              <code>3</code>
            </OWASP>
          </list>
        </owasp>
        <wasc>
          <count>1</count>
          <list>
            <WASC>
              <name><![CDATA[Cross Site Scripting]]></name>
              <url><![CDATA[http://projects.webappsec.org/w/page/13246920/WASC]]></url>
              <code>8</code>
            </WASC>
          </list>
        </wasc>
        <param><![CDATA[accountcorp]]></param>
        <resultList>
          <count>1</count>
          <list>
            <Result>
              <authentication>false</authentication>
              <accessPath>
                <count>1</count>
                <list>
                  <Url><![CDATA[https://10.10.26.238]]></Url>
                </list>
              </accessPath>
              <payloads>
                <count>5</count>
                <list>
                  <PayloadInstance>
                    <payload><![CDATA[PATH FILE test2 <![CDATA[TEST]]>]]></payload>
                    <request>
                      <method><![CDATA[GET]]></method>
                      <link><![CDATA[http://10.10.26.238/accountcorp/%3Cscript%20srce%3Dhttp%3A%2F%2Flocalhost%2F4%20]]></link>
                      <headers><![CDATA[UmVmZXJ1lcjogaHROcHM6Ly8xMC4xMC
44. >
  <count>1</count>
  <data>
    <WebApp>
      <id>1912949</id>
      <name><![CDATA[My Web Application]]></name>
      <url><![CDATA[http://mywebapp.com]]></url>
      <owner>
        <id>45941</id>
        <username>username</username>
        <firstName><![CDATA[John]]></firstName>
        <lastName><![CDATA[Smith]]></lastName>
      </owner>
      <scope>ALL</scope>
      <attributes><count>0</count></attributes>
      <defaultScanner>
        <type>EXTERNAL</type>
      </defaultScanner>
      <scannerLocked>false</scannerLocked>
      <urlBlacklist><count>0</count></urlBlacklist>
      <urlWhitelist><count>0</count></urlWhitelist>
      <postDataBlacklist><count>0</count></postDataBlacklist>
      <authRecords><count>0</count></authRecords>
      <useRobots>IGNORE</useRobots>
      <useSitemap>false</useSitemap>
      <malwareMonitoring>false</malwareMonitoring>
      <tags><count>0</count></tags>
      <comments><count>0</count></comments>
      <isScheduled>false</isScheduled>
      <createdBy>
        <id>45941</
45. >false</multi>
      <target>
        <webApp>
          <id>2376280</id>
          <name><![CDATA[My Web App]]></name>
          <url><![CDATA[http://10.10.26.238]]></url>
        </webApp>
        <scannerAppliance>
          <type>EXTERNAL</type>
        </scannerAppliance>
        <cancelOption>DEFAULT</cancelOption>
      </target>
      <profile>
        <id>332147</id>
        <name><![CDATA[10 links]]></name>
      </profile>
      <options>
        <count>14</count>
        <list>
          <WasScanOption>
            <name>Web Application Authentication Record Name</name>
            <value><![CDATA[None]]></value>
          </WasScanOption>
          <WasScanOption>
            <name>Detection Scope</name>
            <value><![CDATA[COMPLETE]]></value>
          </WasScanOption>
          <WasScanOption>
            <name>Scanner Appliance</name>
            <value><![CDATA[External]]></value>
          </WasScanOption>
          <WasScanOption>
            <name>Target URL</name>
            <value><![CDATA[http://10.10.26.238]]></value>
          </WasScanOption>
          <WasScanOption>
            <name>Performance Settings</name>
            <value><![CDATA[LOW]]></value>
          </WasScanOption>
          <WasScanOption>
            <name>Sensitive Content
46. >zip code</customContents>
      </sensitiveContent>
      <comments>
        <set>
          <Comment>
            <contents><![CDATA[Comment 2]]></contents>
          </Comment>
        </set>
      </comments>
      <bruteforceList>
        <id>74005669</id>
      </bruteforceList>
      <detection>
        <includedSearchLists>
          <set>
            <SearchList><id>3496185669</id></SearchList>
          </set>
        </includedSearchLists>
        <excludedSearchLists>
          <set>
            <SearchList><id>3496175669</id></SearchList>
            <SearchList><id>3496165669</id></SearchList>
          </set>
        </excludedSearchLists>
      </detection>
    </OptionProfile>
  </data>
</ServiceRequest>

Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <OptionProfile>
      <id>832275669</id>
    </OptionProfile>
  </data>
</ServiceResponse>

Delete an option profile
Delete an option pr
47. id (Integer); webAppAuthRecord.id (Integer); type (Keyword: DISCOVERY or VULNERABILITY); options; profile.id (Integer); proxy.id (Integer); startDate (Date); timeZone (Text); occurrenceType (Keyword: ONCE, DAILY, WEEKLY or MONTHLY); notification (Boolean); reschedule (Boolean)
cancelOption set to DEFAULT: Forces the use of the target web app's cancelScans option if set, else fall back to the one passed in to the API while launching the scan.
cancelOption set to SPECIFIC: Always use the cancel scan option passed while launching the scan.
The element profile (Text) is required unless the target has a default option profile.

Permissions: User must have the WAS application enabled. User must have API Access permission. User must have Create WAS Schedule permission. Scan target must be within the user's scope.

Examples
Example 1: Create a new weekly schedule (POST)
Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/wasscanschedule" < file.xml

Request POST data:
<ServiceRequest>
  <data>
    <WasScanSchedule>
      <name><![CDATA[Create Schedule from API3 using Reschedule]]></name>
      <type>VULNERABILITY</type>
      <active>false</active>
      <
48. in which it was generated.

Send an encrypted PDF report
Send an encrypted PDF report which is in the user's scope to a distribution list.
URL: https://qualysapi.qualys.com/qps/rest/3.0/send/was/report/<id>
Methods allowed: POST
Input: The elements id (Integer) and distributionList (Text) are required, where id identifies a report and distributionList identifies the email addresses of the report recipients.
Permissions: User must have the WAS application enabled. User must have API Access permission. User must have Distribute Report permission. Report must be within the user's scope.

Example
Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/send/was/report/1302" < file.xml
Note: file.xml contains the request POST data.

Request POST data:
<ServiceRequest>
  <data>
    <Report>
      <distributionList>
        <add>
          <EmailAddress><![CDATA[email1@abc.com]]></EmailAddress>
          <EmailAddress><![CDATA[email2@abc.com]]></EmailAddress>
        </add>
      </distributionList>
    </Report>
49. </maxCrawlRequests>
      <userAgent><![CDATA[Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36]]></userAgent>
      <parameterSet>
        <id>15669</id>
        <name><![CDATA[Custom Parameters]]></name>
      </parameterSet>
      <ignoreBinaryFiles>true</ignoreBinaryFiles>
      <performance>LOW</performance>
      <bruteforceOption>USER_DEFINED</bruteforceOption>
      <bruteforceList>
        <id>74005669</id>
        <name><![CDATA[BFL]]></name>
      </bruteforceList>
      <detection>
        <includedSearchLists>
          <count>1</count>
          <list>
            <SearchList><id>3496185669</id></SearchList>
          </list>
        </includedSearchLists>
        <excludedSearchLists>
          <count>2</count>
          <list>
            <SearchList><id>3496175669</id></SearchList>
            <SearchList><id>3496165669</id></SearchList>
          </list>
        </excludedSearchLists>
      </detection>
      <comments>
        <count>1</count>
        <list>
          <Comment>
            <contents><![CDATA[Some Comment]]></contents>
          </Comment>
        </list>
      </comments>
      <sensitiveContent>
        <cred
50. <data>
    <Report>
      <id>2629</id>
    </Report>
  </data>
</ServiceResponse>

Scan Report
A scan report shows you the results of scans on a particular web application.
Input for this report: Allowed input elements are listed below. The element target is required and at least one scans child element is required. See Reference: Report Creation for details.
target.scans (WasScan); filters.searchlists (SearchList); filters.url (Text); filters.status (ScanFindingStatus); filters.remediation.showPatched (Keyword: SHOW_ONLY, SHOW_NONE, SHOW_BOTH (default)); display.contents (ScanAppReportContent); display.graphs (ScanAppReportGraph); display.groups (ScanAppReportGroup); display.options.rawLevels

Allowed operators: Integer: EQUALS, NOT EQUALS, GREATER, LESSER, IN. Text: CONTAINS, EQUALS, NOT EQUALS. Date: EQUALS, NOT EQUALS, GREATER, LESSER. Keyword: EQUALS, NOT EQUALS, IN.

Example: Create a scan report
Create a scan report in HTML_ZIPPED format, selecting a single scan for the target.

Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/report" < file.xml
Note: file.xml contains the request POST data.
51. <progressiveScanning>true</progressiveScanning>

Schedule API
Schema: schedule.xsd, wasscanschedule.xsd
A new progressiveScanning element was added to the WasScanSchedule XML element.
DEFAULT: Use web application setting.
ENABLED: Use progressive scanning for all web applications.
DISABLED: Do not use progressive scanning for all web applications.

<xs:simpleType name="ProgressiveScanningOption">
  <xs:restriction base="xs:string">
    <xs:enumeration value="DEFAULT"/>
    <xs:enumeration value="ENABLED"/>
    <xs:enumeration value="DISABLED"/>
  </xs:restriction>
</xs:simpleType>
<xs:complexType name="WasScanSchedule">
  <xs:all>
    <xs:element name="id" type="xs:long" minOccurs="0"/>
    <xs:element name="progressiveScanning" type="ProgressiveScanningOption" default="DEFAULT" minOccurs="0"/>

CREATE/UPDATE schedule
The user will be able to set progressiveScanning to ENABLED, DISABLED or DEFAULT if progressiveScanning is enabled for the subscription. If this option is not set for a new schedule, the value DEFAULT is used.

API request (update):
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/update/was/wasscanschedule/1688" < file
52. qps/xsd/3.0/was/webapp.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WebApp>
      <id>323102</id>
      <name><![CDATA[MamboCMS]]></name>
      <url><![CDATA[http://funkytown.acme01.acme.com/Forms/FormFields/temp/updated_web_app_name]]></url>
      <scannerLocked>false</scannerLocked>
      <progressiveScanning>false</progressiveScanning>

Scan API
Schema: scan.xsd, wasscan.xsd
A new progressiveScanning element was added to the WasScan XML element. Expected format is a boolean.

<xs:complexType name="WasScan">
  <xs:all>
    <xs:element name="id" type="xs:long" minOccurs="0"/>
    <xs:element name="progressiveScanning" type="xs:boolean" minOccurs="0"/>

LAUNCH scan
The user can set the progressiveScanning option to true or false for the vulnerability scan if Progressive Scanning is enabled for the subscription. If the option is not set for a scan, the Progressive Scanning setting for the web application is used. Note: this option is not supported for a discovery scan.

API request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/launch/was/wasscan" < file.xml
file.xml contains the req
53. schedule are required, where id identifies a schedule. See Reference: WasScanSchedule for descriptions of all of the <WasScanSchedule> elements.
Permissions: User must have the WAS application enabled. User must have API Access permission. User must have Edit WAS Schedule permission. Scan target must be within the user's scope.

Example
Example 1: Enable notification (POST)
Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/update/was/wasscanschedule/1688" < file.xml
Note: file.xml contains the request POST data.

Request POST data:
<ServiceRequest>
  <data>
    <WasScanSchedule>
      <notification>
        <active>true</active>
        <delay>
          <nb>4</nb>
          <scale>DAY</scale>
        </delay>
        <recipients>
          <set>
            <EmailAddress><![CDATA[name1@company.com]]></EmailAddress>
            <EmailAddress><![CDATA[name2@company.com]]></EmailAddress>
            <EmailAddress><![CDATA[name3@company.com]]></EmailAddress>
          </set>
        </recipients>
        <message><![CDATA[The schedule notification message]]></message>
      </notification>
    </WasScanSchedule>
  </data>
subdomains to include in the web application scope in the subDomain element.

subDomain
  Error: Invalid domain name format <value>
  Resolution: Use the following format in the subDomain element: .my-domain-suffix (must start with a dot)

useRobots
  Error: Invalid value <value>
  Resolution: Element useRobots must be set to one of these values: IGNORE, ADD_PATHS, BLACKLIST

Url
  Error: Element is required
  Resolution: Element Url is required

uris.<field>
  Error: Invalid URL format <value>
  Resolution: For the uri <field> sub-element, specify a URL like http://domain.name/base-url?parameters

uris.<field>
  Error: Length of the field must not be greater than 2048 characters <value>
  Resolution: For the uri <field> sub-element, the maximum field length is 2048 characters

Domain
  Error: Element is required
  Resolution: The domain element must be provided

Domain
  Error: Invalid host name format <value>
  Resolution: Use the following format for the value in the Domain element: www.my-domain.example

Domain
  Error: Length of all domains cannot exceed 2048 characters
  Resolution: The list of all domains in the web application cannot exceed 2048 characters

Attribute.category
  Error: Element is required
  Resolution: The element Attribute.category is required

Attribute.category
  Error: Invalid value <value>
  Resolution: Element Attribute.category must be set to one of these values: Business Function, Business Location, Business Description

Attribute.value
  Error: Element is required
valid HTTP or HTTPS URL consistent with the web application scope.

Chapter 2 Web Application API - Reference: WebApp

Element (data type) and description:

malwareMonitoring (Boolean)
  A flag indicating whether Malware Monitoring is enabled for the web application.
  Example: <malwareMonitoring>true</malwareMonitoring>

malwareNotification (Boolean)
  A flag indicating whether email notification is enabled for Malware Monitoring scans.
  Example: <malwareNotification>true</malwareNotification>

malwareScheduleTime
  The scheduled time for the daily Malware Monitoring scan.
  Example: <malwareScheduleTime>02:00</malwareScheduleTime>

malwareScheduleTimeZone
  The time zone that applies to the schedule for the Malware Monitoring scan.
  Example: <malwareScheduleTimeZone><code>America/Vancouver</code></malwareScheduleTimeZone>

Scan Settings

defaultProfile
  The default option profile for scanning the web application. When unspecified, an option profile must be specified by the user for each scan.
  Example:
    <defaultProfile>
      <id>139359</id>
      <name><![CDATA[10 Links edit]]></name>
    </defaultProfile>

defaultScanner
  The default scanner for the web application. A default scanner is optional. For type (Keyword) specify INTERNAL for a scanner appliance or EXTERNAL fo
xml

file.xml contains the request POST data.

  <ServiceRequest>
    <data>
      <WasScanSchedule>
        <id>1688</id>
        <progressiveScanning>ENABLED</progressiveScanning>
      </WasScanSchedule>
    </data>
  </ServiceRequest>

XML output:

  <?xml version="1.0" encoding="UTF-8"?>
  <ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
    <responseCode>SUCCESS</responseCode>
    <count>1</count>
    <data>
      <WasScanSchedule>
        <id>1688</id>
      </WasScanSchedule>
    </data>
  </ServiceResponse>

XML output (error): If Progressive Scanning is not enabled for the subscription, the progressiveScanning element cannot be provided; otherwise an error will be returned.

  <?xml version="1.0" encoding="UTF-8"?>
  <ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
    <responseCode>INVALID_REQUEST</responseCode>
    <responseErrorDetails>
      <errorMessage>Progressive scanning is not enabled in your subscription</errorMessage>
      <errorResolution
1.0" encoding="UTF-8"?>
  <ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
    <responseCode>SUCCESS</responseCode>
    <count>1</count>
    <data>
      <WebApp>
        <id>1234</id>
      </WebApp>
    </data>
  </ServiceResponse>

Example 2: Update multiple settings (POST)

Request:

  curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/update/was/webapp/32347" < file.xml

Note: file.xml contains the request POST data.

Request POST Data:

  <ServiceRequest>
    <data>
      <WebApp>
        <name>My Web Application</name>
        <url>http://mywebapp.com</url>
        <scope>DOMAINS</scope>
        <domains>
          <remove>
            <Domain>abc.com</Domain>
            <Domain>def.com</Domain>
            <Domain>ghi.com</Domain>
          </remove>
        </domains>
        <attributes>
          <remove>
            <Attribute>
              <category>Business Function</category>
            </Attribute>
            <Attribute>
              <category>Business Location</category>
            </Attribute>
          </remove>
          <update>
            <Attribute>
              <category>Business Description</cate
1-11-24T00:00:00Z</creationDate>
      <lastDownloadDate>2011-11-09T00:00:00Z</lastDownloadDate>
      <downloadCount>1</downloadCount>
      <tags>
        <count>2</count>
        <list>
          <Tag>
            <id>99509</id>
            <name><![CDATA[Tag 1]]></name>
          </Tag>
          <Tag>
            <id>99510</id>
            <name><![CDATA[Tag 2]]></name>
          </Tag>
        </list>
      </tags>
      <distributionList>
        <count>2</count>
        <list>
          <EmailAddress><![CDATA[email1@company.com]]></EmailAddress>
          <EmailAddress><![CDATA[email2@company.com]]></EmailAddress>
        </list>
      </distributionList>
      <owner>
        <id>123056</id>
        <username>username</username>
        <firstName><![CDATA[John]]></firstName>
        <lastName><![CDATA[Smith]]></lastName>
      </owner>
    </Report>
  </data>
  <responseCode>SUCCESS</responseCode>
</ServiceResponse>

Chapter 6 Report API - Get report status

Get report status

Retrieve the status of a report which is in the user's scope.

URL: https://qualysapi.qualys.com/qps/rest/3.0/status/was/report/<id>

M
10.26.238:443 subuser form sitemap]]></name>
        <url><![CDATA[https://10.10.26.238:443]]></url>
      </webApp>
      <patch>18007</patch>
      <isIgnored>false</isIgnored>
      <externalRef><![CDATA[aaaaabbbbbccccc]]></externalRef>
    </Finding>
  </data>
</ServiceResponse>

Chapter 9 Finding API - Ignore Findings

Ignore Findings

Ignore findings for a web application which is in the user's scope.

URL: https://qualysapi.qualys.com/qps/rest/3.0/ignore/was/finding

Methods allowed: POST

Input: Allowed input elements are listed below. The associated data type for each element appears in parentheses. These elements are optional and act as filters. When multiple elements are specified, parameters are combined using a logical AND. All dates must be entered in UTC date/time format.
- id (Integer)
- ignoredReason (Keyword: FALSE_POSITIVE, RISK_ACCEPTED or NOT_APPLICABLE)
- qid (Integer)
- group (Keyword: XSS, SQL, INFO, PATH, CC, SSN_US or CUSTOM)
- name (Text)
- owasp.name (Text)
- type (Keyword: VULNERABILITY, SENSITIVE_CONTENT or INFORMATION_GATHERED)
- owasp.code (Integer)
- url (Text)
- wasc.name (Text)
- webapp.tags.id (Integer)
- wasc.code (Integer)
- webapp.tags.name (Text)
- cwe.id (Integer)
- status (Keyword: NEW, ACTIVE or REOPENED)
- firstDetectedDate (Date)
- webapp.id (I
18:09:52Z</LAST_TIME_TESTED>
        <TIMES_DETECTED>1</TIMES_DETECTED>
        <PAYLOADS>
          <PAYLOAD>
            <NUM>1</NUM>
            <PAYLOAD><![CDATA[PATH FILENAME EXTENSION test1]]></PAYLOAD>
            <REQUEST>
              <METHOD>GET</METHOD>
              <URL><![CDATA[https://10.10.26.238/boq/protected/mime/defaultPage.pdf test1]]></URL>
              <HEADERS>
                <HEADER KEY="Referer"><![CDATA[http://10.10.26.238/]]></HEADER>
                <HEADER KEY="Cookie"><![CDATA[cookie3=cookiethree; cookie2=cookietwo; cookie1=cookieone; PHPSESSID=346e3909391063e3449e203efaefa224]]></HEADER>
              </HEADERS>
            </REQUEST>
            <RESPONSE>
              <CONTENTS base64="true"><![CDATA[SFRUUC8xLjEgMjAw]]></CONTENTS>
            </RESPONSE>
          </PAYLOAD>
        </PAYLOADS>
      </VULNERABILITY>
      <SENSITIVE_CONTENT>
        <ID>76671</ID>
        <DETECTION_ID>230 <QID>150022</QID> 4 </DET
        <CONTENTS>
4yNi4yMzgvDOpDb2 9r aWU6IGNvb2tpZTM9Y29va21l1ldGChyZWU7IGNvb2tpZTI9Y29va2l1dHdvOoyBjb29raW UxPWNvb2t pZW9uZTsgUEhHQUOVTU0LEPWO3YTBIYWI5NZNhOTIyNWE2N4kzOD14jMj1h ZWVhYTR1OwWOK]]></headers>
      </request>
      <response><![CDATA[HTTP/1.1 200 OK]]></response>
      <payloadResponce>
        <offset>232</offset>
        <length>36</length>
      </payloadResponce>
    </PayloadInstance>
    <PayloadInstance>
      <payload><![CDATA[PATH FILE test2]]></payload>
      <request>
        <method><![CDATA[GET]]></method>
        <link><![CDATA[http://10.10.26.238/accountcorp 3Cscript 20srce 3D http 3A 2F 2F localhost 2F4 20]]></link>
        <headers><![CDATA[UmVmZXJ1cjogaHROcHM6Ly8xMC4xMC4yNi4yMzgvDOpDb2 9r aWU6IGNvb2tpZTM9Y29va21l1dGhyZWU7IGNvb2tpZTI9Y29va2lldHdvoyBjb29raW UxPWNvb2tpZW9UZTSgUEhQUOVTUOLEPTBJZWY2OTUZNMISM2MYYTOQO3ZmMyYzI3NWJm NJIAMDc30w0OK]]></headers>
      </request>
      <response><![CDATA[HTTP/1.1 200 OK]]></response>
      <payloadResponce>
        <offset>232</offset>
        <length>36</length>
      </payloadResponce>
    </PayloadInstance>
    <PayloadInstance>
      <payload><![CDATA[PATH FI
56.64.245]]></ip></filters>

filters.os (Text)
  Applies to a Catalog Report.
  Example: <filters><os><![CDATA[unix]]></os></filters>

Chapter 8 Option Profile API

The WAS Option Profile API provides a suite of API functions for managing option profiles you want to use for scanning web applications. These operations are available:
- Current option profile count
- Search option profiles
- Get details for an option profile
- Create a new option profile
- Update an option profile
- Delete an option profile

Current option profile count

Returns the total number of option profiles in the user's scope. Input elements are optional and are used to filter the number of option profiles included in the count.

URL: https://qualysapi.qualys.com/qps/rest/3.0/count/was/optionprofile

Methods allowed: GET, POST

Input: Allowed input elements are listed below. The associated data type for each element appears in parentheses. These elements are optional and act as filters. When multiple elements are specified, parameters are combined using a logical AND.
- id (Integer): Filter by option profile ID
- name (Text): Filter by option profile name
- tags: Filter by tags applied
- tags.id (Integer): Filter by tag ID applied
- tags.name (Text): Filter by tag name applied
- createdDat
Chapter 6 Report API - Search reports

Example 1: Search (no criteria) (POST)

Request:

  curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/search/was/report" < file.xml

Note: file.xml contains the request POST data. Specify an empty file since no search criteria is being specified.

Response:

  <?xml version="1.0" encoding="UTF-8"?>
  <ServiceResponse>
    <count>3</count>
    <data>
      <list>
        <Report>
          <id>1393</id>
          <name><![CDATA[Web Application Report 1]]></name>
          <type>WAS_WEBAPP_REPORT</type>
          <format>PDF</format>
          <status>COMPLETE</status>
          <size>2244667</size>
          <creationDate>2011-11-25T10:20:06Z</creationDate>
          <tags>
            <count>0</count>
          </tags>
          <owner>
            <id>123056</id>
            <username>username</username>
            <firstName><![CDATA[John]]></firstName>
            <lastName><![CDATA[Smith]]></lastName>
          </owner>
        </Report>
        <Report>
          <id>1394</id>
          <name><![CDATA[Web Application Report 2]]></name>
          <type>WAS_WEBAPP_REPORT</type>
          <format>PDF</format>
Appendix B: WAS Findings in XML Reports

Findings in all WAS reports in XML format are Base64 encoded starting with WAS version 3.1 and later. Findings include vulnerability detections, information gathered and sensitive content.

Did you build clients using WAS version 3.0 or earlier? If yes, please update your clients so that WAS findings data is processed accurately.

Tell me about Base64 encoded findings

All findings reported for scans and web applications are base64 encoded in XML. This includes:
- Actual contents of the response
- If evidence in the response is highlighted, the evidence contents
- Information gathered data

Base64 encoded data usually will have the attribute set to base64="true". For example:

  <FINDING>
    <PAYLOAD><![CDATA[uid 00 3Cscript 3E_q 3Drandom X157105156Y1 Z S3CS2Fscript 3E]]></PAYLOAD>
    <RESULT base64="true"><![CDATA[C19mZWVkKCgKCgpbCilI]]></RESULT>
  </FINDING>

If the base64="true" attribute is not set, the value will be in plain text. For example:

  <FINDING>
    <PAYLOAD><![CDATA[uid S00 3Cscript 3E_q 3Drandom X157105156Y12 3C 2F script 3E]]></PAYLOAD>
    <RESULT><![CDATA[_feed]]></RESULT>
  </FINDING>

Which WAS reports show findings?
- WAS v3 Scan Results
- Web Applicatio
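An added client-side example (not code from the Qualys guide) that pulls together the two behaviours this guide describes: it checks the responseCode of a ServiceResponse and surfaces errorMessage/errorResolution on an INVALID_REQUEST like the one in the Progressive Scanning section, then decodes finding fields that carry base64="true" while passing plain-text values through untouched. Element names follow the samples on this page; the two XML documents and the errorResolution wording are constructed for the example, and the URL-safe fallback is an assumption based on the screenshot note in the Web Application API chapter.

```python
"""Parse Qualys WAS API v3 ServiceResponse XML and decode Base64-encoded findings.

Added example, not code from the Qualys guide. Element names follow the samples
on this page; the two XML documents below and the errorResolution wording are
constructed for the example.
"""
import base64
import binascii
import xml.etree.ElementTree as ET

# Constructed sample: SUCCESS response with one base64="true" result that is
# unpadded and wrapped across lines (as the guide's samples are) and one plain-text result.
SAMPLE_OK = b"""<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse>
  <responseCode>SUCCESS</responseCode>
  <count>2</count>
  <data>
    <FINDING>
      <PAYLOAD><![CDATA[uid=00]]></PAYLOAD>
      <RESULT base64="true"><![CDATA[X2Zl
        ZWQ]]></RESULT>
    </FINDING>
    <FINDING>
      <PAYLOAD><![CDATA[uid=01]]></PAYLOAD>
      <RESULT><![CDATA[_feed]]></RESULT>
    </FINDING>
  </data>
</ServiceResponse>
"""

# Constructed sample: the INVALID_REQUEST shape shown in the Progressive Scanning
# section (the errorResolution text here is made up for the example).
SAMPLE_ERR = b"""<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse>
  <responseCode>INVALID_REQUEST</responseCode>
  <responseErrorDetails>
    <errorMessage>Progressive scanning is not enabled in your subscription</errorMessage>
    <errorResolution>Omit the progressiveScanning element for this subscription</errorResolution>
  </responseErrorDetails>
</ServiceResponse>
"""


class WasApiError(RuntimeError):
    """Raised when responseCode is anything other than SUCCESS."""


def lenient_b64decode(text: str) -> bytes:
    """Decode a Base64 value as WAS XML emits it: whitespace-wrapped, often unpadded,
    and (for screenshots, per the guide) possibly URL-safe alphabet."""
    compact = "".join(text.split())
    compact += "=" * (-len(compact) % 4)      # restore missing padding
    try:
        return base64.b64decode(compact, validate=True)
    except binascii.Error:
        # '-' / '_' instead of '+' / '/': assumption, URL-safe variant
        return base64.urlsafe_b64decode(compact)


def check_response(xml_bytes: bytes) -> ET.Element:
    """Parse a ServiceResponse; return the root on SUCCESS, raise WasApiError otherwise."""
    root = ET.fromstring(xml_bytes)
    code = root.findtext("responseCode", default="(missing responseCode)")
    if code == "SUCCESS":
        return root
    parts = [code]
    details = root.find("responseErrorDetails")
    if details is not None:
        parts.append(details.findtext("errorMessage", default="").strip())
        parts.append(details.findtext("errorResolution", default="").strip())
    raise WasApiError(": ".join(p for p in parts if p))


def finding_text(elem: ET.Element) -> str:
    """Plain text of a finding field: decoded when base64="true", verbatim otherwise.
    Response bodies may be binary, so undecodable bytes are replaced, not raised."""
    raw = elem.text or ""
    if elem.get("base64") != "true":
        return raw
    return lenient_b64decode(raw).decode("utf-8", errors="replace")


def parse_findings(xml_bytes: bytes) -> list:
    """Return [{'payload': ..., 'result': ...}] for every FINDING in a SUCCESS response."""
    root = check_response(xml_bytes)
    rows = []
    for finding in root.iter("FINDING"):
        rows.append({
            "payload": "".join(finding_text(e) for e in finding.findall("PAYLOAD")),
            "result": "".join(finding_text(e) for e in finding.findall("RESULT")),
        })
    return rows


if __name__ == "__main__":
    for row in parse_findings(SAMPLE_OK):
        print(row)
    try:
        parse_findings(SAMPLE_ERR)
    except WasApiError as err:
        print("API error:", err)
```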
Chapter 9 Finding API - Activate Findings

Activate Findings

Activate ignored findings for a web application which is in the user's scope.

URL: https://qualysapi.qualys.com/qps/rest/3.0/activate/was/finding or https://qualysapi.qualys.com/qps/rest/3.0/activate/was/finding/<id>

Methods allowed: POST

Input: Allowed input elements are listed below. The associated data type for each element appears in parentheses. These elements are optional and act as filters. When multiple elements are specified, parameters are combined using a logical AND. All dates must be entered in UTC date/time format.
- id (Integer)
- ignoredReason (Keyword: FALSE_POSITIVE, RISK_ACCEPTED or NOT_APPLICABLE)
- qid (Integer)
- group (Keyword: XSS, SQL, INFO, PATH, CC, SSN_US or CUSTOM)
- name (Text)
- owasp.name (Text)
- type (Keyword: VULNERABILITY, SENSITIVE_CONTENT or INFORMATION_GATHERED)
- owasp.code (Integer)
- url (Text)
- wasc.name (Text)
- webapp.tags.id (Integer)
- wasc.code (Integer)
- webapp.tags.name (Text)
- cwe.id (Integer)
- status (Keyword: NEW, ACTIVE or REOPENED)
- firstDetectedDate (Date)
- webapp.id (Integer)
- lastDetectedDate (Date)
- webapp.name (Text)
- lastTestedDate (Date)
- severity (Integer)
- timesDetected (Integer)
- ignoredDate (Date)

Permissions
The WAS ap
ASC</ScanReportGraph>
                <ScanReportGraph>SENSITIVE_CONTENTS_BY_GROUP</ScanReportGraph>
              </graphs>
              <groups>
                <ScanReportGroup>URL</ScanReportGroup>
                <ScanReportGroup>GROUP</ScanReportGroup>
                <ScanReportGroup>OWASP</ScanReportGroup>
                <ScanReportGroup>WASC</ScanReportGroup>
                <ScanReportGroup>STATUS</ScanReportGroup>
                <ScanReportGroup>CATEGORY</ScanReportGroup>
                <ScanReportGroup>QID</ScanReportGroup>
              </groups>
              <options>
                <rawLevels>true</rawLevels>
              </options>
            </display>
            <filters>
              <searchlists>
                <SearchList>
                  <id>43147</id>
                </SearchList>
              </searchlists>
              <url>http://www.mysite.com/help.html</url>
              <status>
                <ScanFindingStatus>NEW</ScanFindingStatus>
                <ScanFindingStatus>ACTIVE</ScanFindingStatus>
                <ScanFindingStatus>REOPENED</ScanFindingStatus>
                <ScanFindingStatus>FIXED</ScanFindingStatus>
              </status>
            </filters>
          </scanReport>
        </config>
      </Report>
    </data>
  </ServiceRequest>

Response:

  <?xml version="1.0" encoding="UTF-8"?>
  <ServiceResponse xmlns:xsi="http
ATA[Alex]]></firstName>
        <lastName><![CDATA[Smith]]></lastName>
      </updatedBy>
      <updatedDate>2014-09-24T23:34:17Z</updatedDate>
      <screenshot><![CDATA[_9jJ_4AAOSKZURGABAQOEAegBrAAD_2wWBDAAYEBOYFBAYGB OYHBwWYIChAKCgkJChOODWWOFXQYGBCUFhYaHSU fGhs JHBYWICwgIyYnKSopGR8tMCO oMCUoOKS j_ 2wBDAQCHBwo IChMKChMoGhYakCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoK CgoKCgokCg (shortened for brevity)]]></screenshot>
    </WebApp>
  </data>
</ServiceResponse>

The screenshot value is UrlSafe encoded. Convert this value in order to decode and view the image file (png).

Chapter 2 Web Application API - Create a web application

Create a web application

A web application is a configuration in your account. Once created, a user can select the web application as the target of a web application scan.

URL: https://qualysapi.qualys.com/qps/rest/3.0/create/was/webapp

Methods allowed: POST

Input: Required elements are name and url. Other elements are optional. All dates must be entered in UTC date/time format. See Reference: WebApp for descriptions of all <WebApp> elements.

When only name and url are specified:
- Scope defaults to ALL. The scanner will crawl all directories and sub-directories of the starting URL.
- No default option profile is specified. An option profile must be specified for each scan.
- No aut
BMITTED, RUNNING, FINISHED, ERROR or CANCELLED); lastScan.date (Date)

Permissions
- User must have the WAS application enabled
- User must have API Access permission
- User must have Delete Web Asset permission
- Web application must be within the user's scope

Examples

Example 1: Delete single (POST)

Delete the web application that has the ID 1234.

Request:

  curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" "https://qualysapi.qualys.com/qps/rest/3.0/delete/was/webapp/1234"

Response:

  <?xml version="1.0" encoding="UTF-8"?>
  <ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
    <responseCode>SUCCESS</responseCode>
    <count>1</count>
    <data>
      <WebApp>
        <id>1234</id>
      </WebApp>
    </data>
  </ServiceResponse>

Example 2: Delete bulk (POST)

Delete web applications in the user's account that have a name with the word "Merchant" and have an ID greater than 323000.

Request:

  curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/delete/was/webapp" < file.xml

Note: file.xml contains the request POST data.
CDATA[C1 9mZWVkKCgKCgpbCi IiJyZndDsmbHO7CXNZIGEIWDEILNZEWNTEINIKXW iZndDsiCgpdCgoKCikpCg]]></result>
            </WasScanVulnPayload>
            <WasScanVulnPayload>
              <payload><![CDATA[uid S00 3Cscript 3E_q 3Drandom X157201836Y12 3C S2F script S3E]]></payload>
              <result base64="true"><![CDATA[C19mZWVkKCgKCgpbCil]]></result>
            </WasScanVulnPayload>
            <WasScanVulnPayload>
              <payload><![CDATA[uid 22 3E 3Cqss 20a 3DX157201836Y12 3E]]></payload>
              <result base64="true"><![CDATA[C19mZWVkKCgKCgpbCiliJdyZndDsmbHQ7cXNzIGE9WDEINzIwMTgzN1kxW iZndDsiCgpdCgoKCikpCg]]></result>
            </WasScanVulnPayload>
          </list>
        </payloads>
      </WasScanVulnInstance>
    </list>
  </instances>
</WasScanVuln>

Information Gathered findings: WasScan > igs > list > WasScanIg > data

Sample WAS v3 Scan Results XML:

  <INFO>
    <QID>150044</QID>
    <TITLE><![CDATA[Login Form Is Not Submitted Via HTTPS]]></TITLE>
    <RESULT base64="true"><![CDATA[RGVmYXVsdCBmb3Jt IGF jdGlvbiBkb2VzIG5vdCBzdWJtaxXQgdmlhIFNTT DogaHROcDovL2dvb2ds ZS1incnV5ZXJlLmFwcHNwb3QuY29t LzYxMzQ2MDYyNTMyOS9sb2dpbgo]]></RESULT>
  </INFO>

Web Application Report V
CESS</responseCode>
    <count>1</count>
    <data>
      <WasScan>
        <id>164</id>
        <status>SUBMITTED</status>
      </WasScan>
    </data>
  </ServiceResponse>

Chapter 4 Scan API - Retrieve the results of a scan

Retrieve the results of a scan

Retrieve the results of a scan on a web application which is in the user's scope.

Include 3.0 in the URL for WAS v3 scan results using the WAS API schema (part of the API v3 architecture), see https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd. Include 2.0 in the URL for scan results in legacy format (WAS v2 and earlier) using the webapp_scan.dtd, see Reference: WAS Scan Results (legacy).

URL: https://qualysapi.qualys.com/qps/rest/3.0/download/was/wasscan/<id> or https://qualysapi.qualys.com/qps/rest/2.0/download/was/wasscan/<id>

Methods allowed: GET

Tip: When you download web application scan results using the WAS API, you'll want to view vulnerability descriptions from the Qualys KnowledgeBase in order to understand the vulnerabilities detected and see our recommended solutions. See How to Download Vulnerability Details in Chapter 1.

Input: The element id (Integer) is required, where id identifies a scan.

Permissions
- User must have the WAS application enabled
- User must have API Access permission
- Scan target must be within the us
CTION_ID>
        <URL><![CDATA[http://10.10.26.238/boq/acct/other/WillProduce500Error.php]]></URL>
        <CONTENT>200nEv ent R EQUES ID 20</CONTENT>
        <PARAM><![CDATA[referer]]></PARAM>
        <ACCESS_PATH>
          <URL><![CDATA[http://10.10.26.238/]]></URL>
          <URL><![CDATA[http://10.10.26.238/boq/tou.html?s=1]]></URL>
          <URL><![CDATA[http://10.10.26.238/boq/acct/]]></URL>
          <URL><![CDATA[http://10.10.26.238/boq/acct/other/]]></URL>
        </ACCESS_PATH>
        <AUTHENTICATED>Not Required</AUTHENTICATED>
        <STATUS>NEW</STATUS>
        <FIRST_TIME_DETECTED>2014-10-07T18:09:52Z</FIRST_TIME_DETECTED>
        <LAST_TIME_DETECTED>2014-10-07T18:09:52Z</LAST_TIME_DETECTED>
        <LAST_TIME_TESTED>2014-10-07T18:09:52Z</LAST_TIME_TESTED>
        <TIMES_DETECTED>1</TIMES_DETECTED>
        <PAYLOADS>
          <PAYLOAD>
            <NUM>1</NUM>
            <PAYLOAD><![CDATA[00]]></PAYLOAD>
            <REQUEST>
              <METHOD>GET</METHOD>
              <URL><![CDATA[http://10.10.26.238/boq/acct/other/WillProduce500Error.php]]></URL>
D, FORM_CUSTOM, FORM_SELENIUM, SERVER_BASIC, SERVER_DIGEST); createdDate (Date)

Chapter 3 Authentication API - Current authentication record count

Allowed Operators
- Integer: EQUALS, NOT EQUALS, GREATER, LESSER, IN
- Text: CONTAINS, EQUALS, NOT EQUALS
- Date: EQUALS, NOT EQUALS, GREATER, LESSER
- Keyword: EQUALS, NOT EQUALS, IN
- Boolean (true/false): EQUALS, NOT EQUALS

Permissions
- User must have the WAS application enabled
- User must have API Access permission
- Count includes authentication records within the user's scope

Examples

Example 1: Count (no criteria) (GET)

Return the number (count) of all authentication records in the user's scope.

Request:

  curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/count/was/webappauthrecord"

Response:

  <?xml version="1.0" encoding="UTF-8"?>
  <ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webappauthrecord.xsd">
    <responseCode>SUCCESS</responseCode>
    <count>3</count>
  </ServiceResponse>

Example 2: Count (criteria) (POST)

Return the number (count) of authentication records that have a name that contains the term "server"
Date (Date)

Permissions
- User must have the WAS application enabled
- User must have API Access permission
- The authentication record must be within the user's scope

Examples

Example 1: Delete specific record (POST)

Delete authentication record ID 78149.

Request:

  curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" "https://qualysapi.qualys.com/qps/rest/3.0/delete/was/webappauthrecord/78149"

Response:

  <?xml version="1.0" encoding="UTF-8"?>
  <ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webappauthrecord.xsd">
    <responseCode>SUCCESS</responseCode>
    <count>1</count>
    <data>
      <WebAppAuthRecord>
        <id>78149</id>
      </WebAppAuthRecord>
    </data>
  </ServiceResponse>

Example 2: Delete multiple records (POST)

Delete authentication records that have a name containing the term "server".

Request:

  curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/delete/was/webappauthrecord" < file.xml

Note: file.xml contains the request POST data.

Request POST Data:

  <ServiceRequest>
    <filters
ECTED>
        <LAST_TIME_DETECTED>2011-12-30T09:57:39Z</LAST_TIME_DETECTED>
        <LAST_TIME_TESTED>2011-12-30T09:57:39Z</LAST_TIME_TESTED>
        <DATA base64="true"><![CDATA[I3RhYmx1Ck1QX2FkZHJ1c3MgSG9zdF 9uYW11CgoxMC4 xMC4yNi43NyBmdW5rexXR vd24udnVsbi5x YS5xdWFseXMuY29tCg]]></DATA>
      </INFORMATION_GATHERED>
      <INFORMATION_GATHERED>
        <ID>1532</ID>
        <QID>150031</QID>
        <FIRST_TIME_DETECTED>2011-12-30T09:57:39Z</FIRST_TIME_DETECTED>
        <LAST_TIME_DETECTED>2011-12-30T09:57:39Z</LAST_TIME_DETECTED>
        <LAST_TIME_TESTED>2011-12-30T09:57:39Z</LAST_TIME_TESTED>
        <DATA base64="true"><![CDATA[VG1tZW91dCByZWF jaGVkIGLUIE1LQQyB jb25uZWNOaw9 ulHRVIFd1YktpdC4gSmF 2YVNJjcmlwdCBz AXBwb3J0IGRpc2FibGVkIG1luOmVQaGF zZUNyYXdsCkNyYXdsIGNvbXBsZXR1ZCB3aXx RoIFdlYktp dC4K]]></DATA>
      </INFORMATION_GATHERED>

Web Application Scan Report

Vulnerability and Sensitive Content findings: WAS_SCAN_REPORT > RESULTS > VULNERABILITY_LIST > VULNERABILITY > PAYLOADS > PAYLOAD > RESPONSE > CONTENTS
ED</status>
      </WasScan>
    </data>
  </ServiceResponse>

Chapter 4 Scan API - Search scans

Example 3: List scans (web applications without tags) (POST)

Return a list of scans of web applications that do not have any tags assigned.

Request:

  curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/search/was/wasscan" < file.xml

Note: file.xml contains the request POST data.

Request POST Data:

  <ServiceRequest>
    <filters>
      <Criteria field="webApp.tags" operator="NONE"></Criteria>
    </filters>
  </ServiceRequest>

Example 4: List scans (web applications with certain tags) (POST)

Return a list of scans of web applications that have certain tags assigned.

Request:

  curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/search/was/wasscan" < file.xml

Note: file.xml contains the request POST data.

Request POST Data:

  <ServiceRequest>
    <filters>
      <Criteria field="webApp.tags.id" operator="EQUALS">1516928</Criteria>
      <Criteria field="webApp.tags.id" operator="EQUALS">1234567</Criteria>
    </filters>
  </ServiceRequest>
<!ELEMENT SEVERITY_4 (#PCDATA)>
<!ELEMENT SEVERITY_5 (#PCDATA)>
<!ELEMENT TOTAL (#PCDATA)>
<!ELEMENT SENSITIVE_CONTENT_SUMMARY (SENSITIVE_CONTENT_GROUP)>
<!ELEMENT SENSITIVE_CONTENT_GROUP (TITLE, TOTAL)>

<!-- RESULTS -->
<!ELEMENT RESULTS (VULN_LIST, SENSITIVE_CONTENT_LIST, INFO_LIST)>
<!ELEMENT VULN_LIST (VULN)>
<!ELEMENT VULN (GROUP, QID, TITLE, VULN_INSTANCES)>
<!ELEMENT VULN_INSTANCES (VULN_INSTANCE)>
<!ELEMENT VULN_INSTANCE (HOST, PORT, URI, AUTHENTICATED, FORM_ENTRY_POINT, PARAMS, FINDINGS)>
<!ELEMENT AUTHENTICATED (#PCDATA)>
<!ELEMENT FORM_ENTRY_POINT (#PCDATA)>
<!ELEMENT SENSITIVE_CONTENT_LIST (SENSITIVE_CONTENT)>
<!ELEMENT SENSITIVE_CONTENT (GROUP, QID, TITLE, SENSITIVE_CONTENT_INSTANCES)>
<!ELEMENT SENSITIVE_CONTENT_INSTANCES (SENSITIVE_CONTENT_INSTANCE)>
<!ELEMENT SENSITIVE_CONTENT_INSTANCE (HOST, PORT, URI, CONTENT, FINDINGS)>
<!ELEMENT INFO_LIST (INFO)>
<!ELEMENT INFO (QID, TITLE, RESULT)>
<!ELEMENT GROUP (#PCDATA)>
<!ELEMENT QID (#PCDATA)>
<!ELEMENT TITLE
<!ELEMENT HOS
EST>
            IMES_DETECTED>
            <PAYLOAD><![CDATA[ 20onEvent 3dX146470180Y12 20]]></PAYLOAD>
            <RESPONSE>
              <CONTENTS base64="true"><![CDATA[bGQiJmd00yZsdDsmbHO7L3NwYW4mZ3071ID0mZ3071CZ sdDt zcGFulGNsYXNzPSJib2xkIiZndDsmYW1w02x00yZsdDsvc3BhbiZndDsmbHO7Y niImZ3Q07CiZsdDsvZG12Jmd00wombHO7L2RpdiZndDsKJmx002JyJmd0OwombHQO7ZG1 2IGNSYXNzPSJwYX1sb2FkcyImZ307Ck91dHB1dCBmcm9t IHJLCXV1c30gJmx00O3NwWY WAgY2xhc3M9ImJvbGoiJmd00y9JYXNzaXVtL3hzcy5waHA dmFyawWwFudDOwJmEtcDt xcz0xJmFtcDtmPTAmYW1wO3M9JyUyMG9URXZ1bnQLlM2RYMTO2NDCWMTOQWWTFaJTIwJ mx0Oy9zcGFuJmd0OwombHO7 YnImZ307CiZsdDthIGhyZwy 9J1wnIG9uRKZ1lbnOIWDE ONJO3MDE4MFkxWiAnJmd0O3NhbXBsZSBsawW5SrJmx00y 9hJmd0OwombHO7L2RpdiZnd DsKJmx003NjcmlwdCZndDtt YWlukKCkmbHO7L3NjcmlwdCZndDsKJmx00y9ib2R5JUmd OOwombHQ7L2h0bWwmZ3Q7]]></CONTENTS>
            </RESPONSE>
          </PAYLOAD>
        </PAYLOADS>
        <IGNORED>false</IGNOR
      </VULNERABILITY>

Information Gathered findings: WAS_WEBAPP_REPORT > RESULTS > WEB_APPLICATION > INFORMATION_GATHERED_LIST > INFORMATION_GATHERED > DATA

Sample Web Application Report XML:

  <INFORMATION_GATHERED_LIST>
    <INFORMATION_GATHERED>
      <ID>1529</ID>
      <QID>6</QID>
      <FIRST_TIME_DETECTED>2011-12-30T09:57:39Z</FIRST_TIME_DET
F format, selecting a single tag for the target.

Request:

  curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/report" < file.xml

Note: file.xml contains the request POST data.

Request POST Data:

  <ServiceRequest>
    <data>
      <Report>
        <name><![CDATA[with all parameters PDF with rawLevel false]]></name>
        <description><![CDATA[A simple scorecard report]]></description>
        <format>PDF</format>
        <type>WAS_SCORECARD_REPORT</type>
        <config>
          <scorecardReport>
            <target>
              <tags>
                <Tag>
                  <id>243130</id>
                </Tag>
              </tags>
            </target>
            <display>
              <contents>
                <ScorecardReportContent>DESCRIPTION</ScorecardReportContent>
                <ScorecardReportContent>SUMMARY</ScorecardReportContent>
                <ScorecardReportContent>GRAPHS</ScorecardReportContent>
                <ScorecardReportContent>RESULTS</ScorecardReportContent>
              </contents>
              <graphs>
                <ScorecardReportGraph>VULNERABILITIES_BY_GROUP</ScorecardReportGraph>
                <ScorecardReportGraph>VULNERABILITIES_BY_OWASP</ScorecardReportGraph>
FROM:-0700
TZOFFSETTO:-0600
TZNAME:MDT
DTSTART:19670430T020000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0700
TZOFFSETTO:-0700
TZNAME:MST
DTSTART:19740101T000000
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTART;TZID=America/Boise:20111128T140000
DTEND;TZID=America/Boise:20111128T140000
RRULE:FREQ=DAILY;COUNT=1;INTERVAL=1
DTSTAMP:20120327T182146Z
UID:UID_ADDRESS
ORGANIZER:MAILTO:EMAIL_ADDRESS
CONTACT:John Smith (USERNAME)
CATEGORIES:Web Application Vulnerability Scan
LOCATION:my_scanner
DESCRIPTION:Type: Web Application Vulnerability Scan\nWeb Application: My Apache\nAuthentication Record: None\nOption Profile: My Apache Site OP\nOwner: John Smith (USERNAME)\nOwner Phone: xxx-xxx-xxxx\nOwner Email: mailto:EMAIL_ADDRESS\nModified By: John Smith (USERNAME)\nTime Zone: (GMT-06:00) Mountain Standard Time (MDT) America/Boise, Daylight Saving Time: On\nDuration: No run time threshold\nApproximat
HOD:PUBLISH
BEGIN:VTIMEZONE
TZID:America/Boise
TZURL:http://tzurl.org/zoneinfo/America/Boise
X-LIC-LOCATION:America/Boise
BEGIN:DAYLIGHT
TZOFFSETFROM:-0700
TZOFFSETTO:-0600
TZNAME:MDT
DTSTART:20070311T020000
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=2SU
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0600
TZOFFSETTO:-0700
TZNAME:MST
DTSTART:20071104T020000
RRULE:FREQ=YEARLY;BYMONTH=11;BYDAY=1SU
END:STANDARD
BEGIN:STANDARD
TZOFFSETFROM:-074449
TZOFFSETTO:-0800
TZNAME:PST
DTSTART:18831118T121511
END:STANDARD
BEGIN:DAYLIGHT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
TZNAME:PDT
DTSTART:19180331T020000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
TZNAME:PST
DTSTART:19181027T020000
END:STANDARD
BEGIN:STANDARD
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
TZNAME:MST
DTSTART:19230513T020000
END:STANDARD
BEGIN:DAYLIGHT
TZOFFSETFROM:-0700
TZOFFSETTO:-0600
TZNAME:MWT
DTSTART:19420209T020000
END:DAYLIGHT
BEGIN:DAYLIGHT
TZOFFSETFROM:-0600
TZOFFSETTO:-0600
TZNAME:MPT
DTSTART:19450814T170000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0600
TZOFFSETTO:-0700
TZNAME:MST
DTSTART:19450930T020000
END:STANDARD
BEGIN:DAYLIGHT
TZOFFSET
81. LE test2 lt CDATA TEST gt gt lt payload gt lt request gt lt method gt lt CDATA GET gt lt method gt lt link gt lt CDATA http 10 10 26 238 accountcorp 3Cscript 20srce 3D http 3A 2F S2F localhost 2F4 20 gt lt link gt lt headers gt lt CDATA UmVmZXJl1cjogaHROcHM6Ly8xMC4xMC4yNi4yMzgvDOpDb2 9r aWU6IGNVb2tpZTM9Y2 9va211dGhyZWU7IGNVb2tpZ2TI19Y29va211dHdvOyBjb29rawW UxPWNvb2tpZW9uZTSgUEhQUOVTU0LEPWEmMGJkMmI xOGEOMJgyNDRhYWYxNzZiMmI1 ODcwMTY10w0K gt lt headers gt lt request gt lt response gt lt CDATA HTTP 1 1 lt CDATA TEST2 gt 200 OK gt lt response gt lt payloadResponce gt lt offset gt 232 lt offset gt 246 Qualys Web Application Scanning API Chapter 9 Finding API Search findings lt length gt 36 lt length gt lt payloadResponce gt lt PayloadInstance gt lt PayloadIn lt payload gt lt CDATA PA ST 1 gt 1 gt lt payload gt lt request gt lt method gt lt C lt link gt lt CDATA http 10 1 httpS3A 2FS2Flocalhost 2F 4 stance gt H FIL E test2 lt CDATA af DATA GET gt lt method gt 0 26 238 accountcorp 3Cscript320src 3D 20 gt lt link gt lt headers gt lt CDATA U mVmZXJlcjogaH ROCHM6Ly8xMC4xMC4yNi4yMzgvDOpDb2 9r aWU6IGNVb2tpZTM9Y29va211dG hyZwU7IGNvb2tpZTI9Y29va2l1ldH
XML interface. This user guide is intended for application developers who will use the Qualys WAS API.

About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud security and compliance solutions with over 7,700 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The Qualys Cloud Platform and integrated suite of solutions help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, Accuvant, BT, Cognizant Technology Solutions, Dell SecureWorks, Fujitsu, HCL Comnet, InfoSys, NTT, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA). For more information, please visit www.qualys.com.

Contact Qualys Support
Qualys is committed to providing you with the most thorough support. Through online documentation, telephone help and direct email support, Qualys ensures that your questions will be answered in the fastest time possible. We support you 7 days a week, 24 hours a day. Access support information at www.qualys.com/support.
Request POST Data
<ServiceRequest>
  <data>
    <WasScanSchedule>
      <active>false</active>
    </WasScanSchedule>
  </data>
</ServiceRequest>

Response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WasScanSchedule>
      <id>1688</id>
    </WasScanSchedule>
  </data>
</ServiceResponse>

Chapter 5 Schedule API: Delete one or more existing schedules

Delete one or more existing schedules
Delete scheduled scans on web applications which are in the user's scope.

URL: https://qualysapi.qualys.com/qps/rest/3.0/delete/was/wasscanschedule/<id>
or: https://qualysapi.qualys.com/qps/rest/3.0/delete/was/wasscanschedule (with <filters> in the POST data)
Methods allowed: POST

Input
The id (Integer) element is required to delete a specific schedule, where id identifies a schedule. Filters are required to delete schedules based on criteria. When multiple elements are specified, parameters are combined using a logical AND. All dates must be entered in UTC date/time format. See Reference: WasScanSchedule for descriptions of these <WasScanSchedule> elements.
Appendix A: Error Messages

Element | Error Message | Resolution
(continued) | | Provide a value for the attribute in the Attribute value element (function, location or description).
(attribute) | The attribute length cannot be greater than 64 characters | The value for this attribute cannot exceed 64 characters.
(attribute) | The attribute length cannot be greater than 2048 characters | The value for this attribute cannot exceed 2048 characters.
<element> | Element must not be set | This element does not apply to this request.
set | Element must contain at least one child | The set element requires at least one sub-element.
set | At least one of the following elements must be set: set, add, remove | This request requires at least one of these elements: set, add or remove.
headers | Length of all headers cannot exceed 2048 characters | The values of all headers cannot exceed 2048 characters.
headers | At least one of the following elements must be set: set, add, remove | For an update request you must set at least one of these elements: set, add or remove.
UrlEntry | Element is required | The element UrlEntry must be provided.
UrlEntry | Invalid URL format: value | Specify a URL like http://domain-name/base-url?parameters.
<parent> | Length of all URLs/regular expressions cannot exceed 2048 characters | The list of entries for a given type shall not exceed 2048 characters.
UrlEntry | (continued)
QUALYS Web Application Scanning API User Guide
Version 4.2
July 6, 2015
CONTINUOUS SECURITY

Copyright 2012-2015 by Qualys, Inc. All Rights Reserved. Qualys, the Qualys logo and QualysGuard are registered trademarks of Qualys, Inc. All other trademarks are the property of their respective owners.
Qualys, Inc., 1600 Bridge Parkway, Redwood Shores, CA 94065, 1 (650) 801 6100

CONTENTS
Preface
Chapter 1 Welcome
  Get Started 9
  Get API Notifications 9
  Introduction to the WAS API Paradigm 10
  Base URL to the Qualys API Server 16
  How to Download Vulnerability Details 17
Chapter 2 Web Application API
  Current web application count 22
  Search web applications 25
  Get details for a web application 29
  Create a web application 33
  Update a web application 47
  Delete web applications 53
  Purge web applications 56
  (title illegible) 59
Chapter 3 Authentication API
  Current authentication record count 66
  Search authentication records 69
  Get details for an authentication record 72
  Create a new authentication record 75
  Update an a
<!ELEMENT GENERATION_DATETIME (#PCDATA)>
<!ELEMENT COMPANY_INFO (NAME, ADDRESS, CITY, STATE, COUNTRY, ZIP_CODE)>
<!ELEMENT ADDRESS (#PCDATA)>
<!ELEMENT CITY (#PCDATA)>
<!ELEMENT STATE (#PCDATA)>
<!ELEMENT COUNTRY (#PCDATA)>
<!ELEMENT ZIP_CODE (#PCDATA)>
<!ELEMENT USER_INFO (NAME, USERNAME, ROLE)>
<!ELEMENT USERNAME (#PCDATA)>
<!ELEMENT ROLE (#PCDATA)>
<!-- SUMMARY -->
<!ELEMENT SUMMARY (SCAN_SUMMARY, VULN_SUMMARY, SENSITIVE_CONTENT_SUMMARY)>
<!ELEMENT SCAN_SUMMARY (SCAN_INFO)>
<!ELEMENT SCAN_INFO (KEY, VALUE)>
<!ELEMENT KEY (#PCDATA)>
<!ELEMENT VALUE (#PCDATA)>
<!ELEMENT VULN_SUMMARY (VULN_GROUP)>

Chapter 4 Scan API: Reference: WAS Scan Results (legacy)

<!ELEMENT VULN_GROUP (TITLE, SEVERITY_5, SEVERITY_4, SEVERITY_3, SEVERITY_2, SEVERITY_1, TOTAL)>
<!ELEMENT SEVERITY_1 (#PCDATA)>
<!ELEMENT SEVERITY_2 (#PCDATA)>
<!ELEMENT SEVERITY_3 (#PCDATA)>
        </WebAppAuthRecord>
      </set>
    </authRecords>
  </WebApp>
</data>
</ServiceRequest>

Chapter 2 Web Application API: Create a web application

Response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WebApp>
      <id>1929030</id>
      <name><![CDATA[My Web Application]]></name>
      <url><![CDATA[http://mywebapp.com]]></url>
      <owner>
        <id>45941</id>
        <username>username</username>
        <firstName><![CDATA[John]]></firstName>
        <lastName><![CDATA[Smith]]></lastName>
      </owner>
      <scope>ALL</scope>
      <attributes><count>0</count></attributes>
      <defaultScanner><type>EXTERNAL</type></defaultScanner>
      <scannerLocked>false</scannerLocked>
      <urlBlacklist><count>0</count></urlBlacklist>
      <urlWhitelist><count>0</count></urlWhitelist>
      <postDataBlacklist><count>0</count></postDataBlacklist>
      <authRecords>
        <count>1</count>
        <list>
          <WebAppAuthFormRecordField>
            <name>some password with true</name>
            <value>real password</value>
            <secured>true</secured>
          </WebAppAuthFormRecordField>
          <WebAppAuthFormRecordField>
            <name>not password with false</name>
            <secured>false</secured>
            <value>fake password</value>
          </WebAppAuthFormRecordField>
        </set>
      </fields>
    </formRecord>
    <comments>
      <set>
        <Comment><contents><![CDATA[some comments]]></contents></Comment>
      </set>
    </comments>
  </WebAppAuthRecord>
</data>
</ServiceRequest>

Example 3: Create Selenium script
POST Request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/webappauthrecord" < file.xml
Note: "file.xml" contains the request POST data.

Chapter 3 Authentication API: Create a new authentication record

Request POST Data
<ServiceRequest>
  <data>
    <WebAppAuthRecord>
      <name><![CDATA[SELENIUM auth]]></name>
      <formRecord>
        <type>SELENIUM</type>
        <seleniumScript>
Request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/count/was/webappauthrecord" < file.xml
Note: "file.xml" contains the request POST data.

Request POST Data
<ServiceRequest>
  <filters>
    <Criteria field="name" operator="CONTAINS">server</Criteria>
  </filters>
</ServiceRequest>

Response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webappauthrecord.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
</ServiceResponse>

Chapter 3 Authentication API: Search authentication records

Search authentication records
Returns a list of authentication records which are in the user's scope.

URL: https://qualysapi.qualys.com/qps/rest/3.0/search/was/webappauthrecord
Methods allowed: POST

Input
Allowed input elements are listed below. The associated data type for each element appears in parentheses. These elements are optional and act as filters. When multiple elements are specified, parameters are combined using a logical AND. All dates must be entered in UTC date/time format.
id (Integer)
updatedDate (Date)
name (Text)
lastScan
90. S gt lt name gt lt da htm Di DOCTYP html xmlns ang en gt 1 PUBLIC ht ML 1 ta gt lt CDATA lt xml version 1 0 encoding UTF 8 gt w3C DTD XH1 0 Strict EN Ll strict dtd gt tp www w3 org 1999 xhtml xml lang en http selenium ide openco org profiles test case gt lt meta http equiv Content Type content text html charset UTF 8 lt link rel sele lt lt lt N N A A DO N A A uat bnpparibas com cib forms login fcc TYPE 33554433 amp R 7 e3816c 3fbf 115e 8bf1 839478260cb3 amp GUID amp SMAUTHREASON 0 amp METHOD GET amp SMAGENTNA R 2bgds 2bPTHEO7mSM 2 fpGkcvnnTMJpZUZloJss49e 2fvYniGjw8bBAc5KSIU3W oxRsmg amp TARGET SM HTTPS 3a 2 f 2fstaging 2eprimebroker 2ecom32f lt td gt lt td gt lt td gt lt tr gt lt tr gt lt td gt type lt td gt lt td gt name USER lt td gt lt td gt bnptestad2 lt td gt 80 gt titel head gt body gt tab thead gt TS tr gt td gt open lt td gt td gt https ssoforms us le cellpadding 1 cellspacing 1 border 1 gt tr gt lt td rowspan 1 colspan 3 gt bnpparisbas staging nptestad2 lt td gt lt tr gt thead gt lt tbody gt nium base href https community qualys com gt le gt bnpparisbas staging bnptestad2 lt title gt EALMOID 06 E SM Qualys Web Application Scanning API Ch
GREATER or LESSER.
owner.name: Filter profiles based on owner's full name (text) with operator CONTAINS (first and last), EQUALS or NOT EQUALS.
owner.username: Filter profiles based on owner's username (text) with operator CONTAINS (like acme_ab3), EQUALS or NOT EQUALS.

Chapter 8 Option Profile API: Search option profiles

Allowed Operators
Integer: EQUALS, NOT EQUALS, GREATER, LESSER, IN
Text: CONTAINS, EQUALS, NOT EQUALS
Date: EQUALS, NOT EQUALS, GREATER, LESSER
Keyword: EQUALS, NOT EQUALS, IN
Boolean (true/false): EQUALS, NOT EQUALS

Permissions
User must have the WAS application enabled. User must have API Access permission. Output includes option profiles within the user's scope.

Example: Search criteria
POST Request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/search/was/optionprofile" < file.xml
Note: "file.xml" contains the request POST data.

Request POST Data
<ServiceRequest>
  <filters>
    <Criteria field="id" operator="IN">832265669,832295669,832285669</Criteria>
    <Criteria field="name" operator="…">…</Criteria>
    <Criteria field="tags" operator="…">…</Criteria>
    <Criteria field="creat…" operator="…">…09</Criteria>
    <Criteria field="creat…" operator="…">…09</Criteria>
  </filters>
</ServiceRequest>
Chapter 4 Scan API: Search scans

xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>2</count>
  <hasMoreRecords>false</hasMoreRecords>
  <data>
    <WasScan>
      <id>13101</id>
      <name><![CDATA[Vulnerability Scan 2011-02-24]]></name>
      <reference>was/1298538355659.20994</reference>
      <type>VULNERABILITY</type>
      <mode>ONDEMAND</mode>
      <profile>
        <id>1072</id>
        <name><![CDATA[Initial WAS Options]]></name>
      </profile>
      <launchedDate>2011-02-24T10:05:55Z</launchedDate>
      <launchedBy>
        <id>123056</id>
        <username>username</username>
        <firstName><![CDATA[John]]></firstName>
        <lastName><![CDATA[Smith]]></lastName>
      </launchedBy>
      <status>RUNNING</status>
    </WasScan>
    <WasScan>
      <id>13102</id>
      <name><![CDATA[Vulnerability Scan 2011-02-24]]></name>
      <reference>was/1298541157873.20995</reference>
      <type>VULNERABILITY</type>
      <mode>ONDEMAND</mode>
      <profile>
        <id>1072</id>
        <name><![CDATA[Initial WAS Options]]></name>
      </profile>
      <launchedDate>2011-02-24T10:52:37Z</launchedDate>
      <launchedBy>
        <id>123056</id>
Chapter 7 Report Creation API: Scan Report

Request POST Data
<ServiceRequest>
  <data>
    <Report>
      <name><![CDATA[with all parameters HTML_ZIPPED]]></name>
      <description><![CDATA[A simple scan report]]></description>
      <format>HTML_ZIPPED</format>
      <type>WAS_SCAN_REPORT</type>
      <config>
        <scanReport>
          <target>
            <scans>
              <WasScan><id>104268</id></WasScan>
            </scans>
          </target>
          <display>
            <contents>
              <ScanReportContent>DESCRIPTION</ScanReportContent>
              <ScanReportContent>SUMMARY</ScanReportContent>
              <ScanReportContent>GRAPHS</ScanReportContent>
              <ScanReportContent>RESULTS</ScanReportContent>
              <ScanReportContent>INDIVIDUAL_RECORDS</ScanReportContent>
              <ScanReportContent>RECORD_DETAILS</ScanReportContent>
              <ScanReportContent>ALL_RESULTS</ScanReportContent>
              <ScanReportContent>APPENDIX</ScanReportContent>
            </contents>
            <graphs>
              <ScanReportGraph>VULNERABILITIES_BY_SEVERITY</ScanReportGraph>
              <ScanReportGraph>VULNERABILITIES_BY_GROUP</ScanReportGraph>
              <ScanReportGraph>VULNERABILITIES_BY_OWASP</ScanReportGraph>
              <ScanReportGraph>VULNERABILITIES_BY_WASC</ScanReportGraph>
NOT EQUALS, IN

Chapter 7 Report Creation API

Permissions
User must have the WAS application enabled. User must have API Access permission. User must have Create Report permission.

Web Application Report
A Web Application Report shows the security status of your web applications.

Input for this report
Allowed input elements are listed below. The element target is required, and at least one of these child elements must be set: tags or webapps. See Reference: Report Creation for descriptions of these elements.
target.tags (Tag)
target.webapps (WebApp)
display.contents (WebAppReportContent)
display.graphs (WebAppReportGraph)
display.groups (WebAppReportGroup)
display.options.rawLevels
filters.searchlists (SearchList)
filters.url (Text)
filters.status (WebAppFindingStatus)
filters.remediation.showPatched (Keyword: SHOW_ONLY, SHOW_NONE, SHOW_BOTH (default))

Allowed Operators
Integer: EQUALS, NOT EQUALS, GREATER, LESSER, IN
Text: CONTAINS, EQUALS, NOT EQUALS
Date: EQUALS, NOT EQUALS, GREATER, LESSER
Keyword: EQUALS, NOT EQUALS, IN

Example: Create a web application r
The <Report> element includes sub-elements used to define a web application report. A reference of these elements is provided below. An asterisk indicates a complex element.

Element (data type): Description
id (Integer): The report ID. This element is assigned by the service and is required for a certain type of request: details, status, update, delete, send or download.
name (Text): The report name, maximum 256 characters.
description (Text): A description of the report.
owner*: This element is assigned by the service and may be specified for an update request only. Example:
<owner>
  <id>123056</id>
  <username>username</username>
  <firstName><![CDATA[John]]></firstName>
  <lastName><![CDATA[Smith]]></lastName>
</owner>
type (Text): The report type, one of WAS_SCAN_REPORT, WAS_WEBAPP_REPORT, WAS_SCORECARD_REPORT, WAS_CATALOG_REPORT, DATALIST_REPORT.
format (Text): The format of the report, one of HTML_ZIPPED, HTML_BASE64, PDF, PDF_ENCRYPTED, POWERPOINT, CSV, XML, WORD.
tags*: This element identifies the tags associated with the report. Example:
<tags>
  <count>2</count>
  <list>
    <Tag><id>99509</id><name><![CDATA[Tag 1]]></name></Tag>
    <Tag><id>99511</id><name><![CDATA[Tag 2]]></name></Tag>
  </list>
</tags>
The date/time is specified in YYYY-MM-DDTHH:MM:SSZ format (UTC/GMT).

Chapter 1 Welcome: How to Download Vulnerability Details

Parameter: Description
last_modified_by_service_after={date} (Optional): Used to filter the XML output to show only vulnerabilities last modified by the service after a certain date and time. The date/time is specified in YYYY-MM-DDTHH:MM:SSZ format (UTC/GMT).
last_modified_by_service_before={date} (Optional): Used to filter the XML output to show only vulnerabilities last modified by the service before a certain date and time. The date/time is specified in YYYY-MM-DDTHH:MM:SSZ format (UTC/GMT).
published_after={date} (Optional): Used to filter the XML output to show only vulnerabilities published after a certain date and time. The date/time is specified in YYYY-MM-DDTHH:MM:SSZ format (UTC/GMT).
published_before={date} (Optional): Used to filter the XML output to show only vulnerabilities published before a certain date and time. The date/time is specified in YYYY-MM-DDTHH:MM:SSZ format (UTC/GMT).
discovery_method={value} (Optional): Used to filter the XML output to show only vulnerabilities assigned a certain discovery method. A valid value is: Remote, Authenticated, RemoteOnly, AuthenticatedOnly or RemoteAndAuthenticated. When Authenticated is specified, the service shows vulnerabilities that have at least one associated authentic
      WAS Options]]></name>
    </profile>
    <scheduling>
      <startDate>2014-08-12T18:30:00Z</startDate>
      <timeZone>
        <code>Europe/Paris</code>
        <offset>+01:00</offset>
      </timeZone>
      <occurrenceType>WEEKLY</occurrenceType>
      <cancelTime>11:00</cancelTime>
      <occurrence>
        <weeklyOccurrence>
          <everyNWeeks>2</everyNWeeks>
          <onDays>
            <WeekDay>MONDAY</WeekDay>
            <WeekDay>SATURDAY</WeekDay>
            <WeekDay>SUNDAY</WeekDay>
          </onDays>
          <occurrenceCount>20</occurrenceCount>
        </weeklyOccurrence>
      </occurrence>

Chapter 5 Schedule API: Get schedule details

      <cancelAfterNHours>11</cancelAfterNHours>
    </scheduling>
    <notification><active>false</active></notification>
    <launchedCount>0</launchedCount>
    <lastScan>
      <id>14930848885</id>
      <name><![CDATA[Web Application Vulnerability Scan]]></name>
      <reference>was/1399921142279.127704</reference>
      <launchedDate>2014-08-12T18:30:00Z</launchedDate>
      <status>FINISHED</status>
      <scanDuration>129</scanDuration>
    </lastScan>
    <createdDate>2014-08-12T18:00:00Z</createdDate>
    <createdBy>
      <id>123056</id>
      <username>user
          </WebAppAuthFormRecordField>
        </set>
      </fields>
    </formRecord>
  </WebAppAuthRecord>
</data>
</ServiceRequest>

Response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webappauthrecord.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WebAppAuthRecord><id>82605</id></WebAppAuthRecord>
  </data>
</ServiceResponse>

Chapter 3 Authentication API: Delete authentication records

Delete authentication records
Delete an authentication record which is in the user's scope.

URL: https://qualysapi.qualys.com/qps/rest/3.0/delete/was/webappauthrecord/<id>
or: https://qualysapi.qualys.com/qps/rest/3.0/delete/was/webappauthrecord (with <filters> in the POST data)
Methods allowed: POST

Input
Allowed input elements are listed below. The associated data type for each element appears in parentheses. These elements are optional and act as filters. When multiple elements are specified, parameters are combined using a logical AND. All dates must be entered in UTC date/time format.
id (Integer)
lastScan.date (Date)
name (Text)
lastScan.authStatus (Text)
tags
isUsed (Boolean)
createdDate (Date)
contents
update
a suite of API functions for managing authentication records. You can select a record as part of the web application settings, thus making it the default (see the Web Application API), and you can select a record at scan time (see the Scan API and Schedule API).

These operations are available:
Current authentication record count
Search authentication records
Get details for an authentication record
Create a new authentication record
Update an authentication record
Delete authentication records

Chapter 3 Authentication API: Current authentication record count

Current authentication record count
Returns the total number of authentication records in the user's scope. Input elements are optional and are used to filter the number of authentication records included in the count.

URL: https://qualysapi.qualys.com/qps/rest/3.0/count/was/webappauthrecord
Methods allowed: GET, POST

Input
Allowed input elements are listed below. The associated data type for each element appears in parentheses. These elements are optional and act as filters. When multiple elements are specified, parameters are combined using a logical AND. All dates must be entered in UTC date/time format.
id (Integer)
updatedDate (Date)
name (Text)
lastScan.date (Date)
tags (Integer)
lastScan.authStatus (Keyword: NOT_USED, SUCCESSFUL, FAILED or PARTIAL)
tags.id (Integer)
isUsed (Boolean)
tags.name (Text)
contents (Keyword: FORM_STANDAR
      <username>acme_as</username>
      <firstName><![CDATA[Alex]]></firstName>
      <lastName><![CDATA[Smith]]></lastName>
    </owner>
    <scope>ALL</scope>
    <attributes><count>0</count></attributes>
    <defaultProfile>
      <id>139359</id>
      <name><![CDATA[10 Links edit]]></name>
    </defaultProfile>
    <defaultScanner><type>EXTERNAL</type></defaultScanner>
    <scannerLocked>false</scannerLocked>
    <urlBlacklist><count>0</count></urlBlacklist>
    <urlWhitelist><count>0</count></urlWhitelist>
    <postDataBlacklist><count>0</count></postDataBlacklist>
    <authRecords>
      <count>1</count>
      <list>
        <WebAppAuthRecord>

Chapter 2 Web Application API: Get details for a web application

          <id>127357</id>
          <name><![CDATA[AR funkytown]]></name>
        </WebAppAuthRecord>
      </list>
    </authRecords>
    <useRobots>IGNORE</useRobots>
    <useSitemap>false</useSitemap>
    <malwareMonitoring>true</malwareMonitoring>
    <malwareNotification>true</malwareNotification>
    <malwareScheduleTime>18:00</malwareScheduleTime>
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>41</count>
</ServiceResponse>

Chapter 9 Finding API: Search findings

Search findings
Returns a list of findings (vulnerabilities, sensitive contents, information gathered) found in web applications which are in the user's scope.

URL: https://qualysapi.qualys.com/qps/rest/3.0/search/was/finding
Methods allowed: POST

Input
Allowed input elements are listed below. The associated data type for each element appears in parentheses. These elements are optional and act as filters. When multiple elements are specified, parameters are combined using a logical AND. All dates must be entered in UTC date/time format.
id (Integer)
qid (Integer)
name (Text)
type (Keyword: VULNERABILITY, SENSITIVE_CONTENT or INFORMATION_GATHERED)
url (Text)
webapp.tags.id (Integer)
webapp.tags.name (Text)
status (Keyword: NEW, ACTIVE or REOPENED)
patch (Integer/Long)
webapp.id (Integer)
webapp.name (Text)
ignoredDate (Date)
ignoredReason (Keyword: FALSE_POSITIVE, RISK_ACCEPTED or NOT_APPLICABLE)
group (Keyword: XSS, SQL, INFO, PATH, CC, SSN_US or CUSTOM)
owasp.name (Text)
owasp.code (Integer)
wasc.name (Text)
wasc.code (Integer)
cwe.id (Integer)
firstDetectedDate (Date)
lastDetectedDate (Date)
name (Text)
status (Keyword: RUNNING, ERROR or COMPLETE)

Allowed Operators
Integer: EQUALS, NOT EQUALS, GREATER, LESSER, IN
Text: CONTAINS, EQUALS, NOT EQUALS
Date: EQUALS, NOT EQUALS, GREATER, LESSER
Keyword: EQUALS, NOT EQUALS, IN

Permissions
User must have the WAS application enabled. User must have API Access permission. Count includes reports within the user's scope.

Chapter 6 Report API: Current report count

Examples
Example 1: Count, no criteria
GET Request
curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/count/was/report"

Response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse>
  <count>12</count>
  <responseCode>SUCCESS</responseCode>
</ServiceResponse>

Example 2: Count, criteria
POST Request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/count/was/report" < file.xml
Note: "file.xml" contains the request POST data.

Request POST Data
<ServiceRequest>
  <filters>
    <Criteria field="id" operator="IN">1302,1303</Criteria>
  </filters>
</ServiceRequest>

Response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse>
  <count>1</count>
  <responseCode>SUCCESS</responseCode>
        </lastName>
      </owner>
    </Report>
  </list>
</data>
<isDone>true</isDone>
<responseCode>SUCCESS</responseCode>
<responseErrorDetails><internalErrorCodeId>0</internalErrorCodeId></responseErrorDetails>
</ServiceResponse>

Chapter 6 Report API: Get report details

Get report details
View details for a report which is in the user's scope. Want to find a report ID to use as input? See Search reports.

URL: https://qualysapi.qualys.com/qps/rest/3.0/get/was/report/<id>
Methods allowed: GET

Input
The element id (Integer) is required, where id identifies a report.

Permissions
User must have the WAS application enabled. User must have API Access permission. Report must be within the user's scope.

Example: Get report details
Request
curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/get/was/report/1302"

Response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse>
  <count>1</count>
  <data>
    <Report>
      <id>1302</id>
      <name><![CDATA[Web Application Report 2]]></name>
      <type>WAS_WEBAPP_REPORT</type>
      <format>PDF_ENCRYPTED</format>
      <status>COMPLETE</status>
      <size>2244667</size>
      <creationDate>201
cancel scan option to SPECIFIC. Scans launched from this schedule will always use the cancel scan option passed with the schedule settings and will override the target web app's cancel scan setting, if set.

Request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/wasscanschedule" < file.xml

Request POST Data
<ServiceRequest>
  <data>
    <WasScanSchedule>
      <name><![CDATA[My Scan Schedule]]></name>
      <type>VULNERABILITY</type>
      <scheduling>
        <cancelAfterNHours>7</cancelAfterNHours>
        <startDate>2015-09-30T13:11:00Z</startDate>
        <timeZone>
          <code>America/Dawson</code>

Chapter 5 Schedule API: Create a schedule

        </timeZone>
        <occurrenceType>ONCE</occurrenceType>
      </scheduling>
      <target>
        <webApp><id>2376281</id></webApp>
        <scannerAppliance><type>EXTERNAL</type></scannerAppliance>
        <cancelOption>SPECIFIC</cancelOption>
      </target>
      <profile><id>332147</id></profile>
    </WasScanSchedule>
  </data>
</ServiceRequest>

Response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespa
Chapter 3 Authentication API: Create a new authentication record

    </tr>
    <tr>
      <td>type</td>
      <td>name=PASSWORD</td>
      <td>S3curltyr0ck</td>
    </tr>
    <tr>
      <td>clickAndWait</td>
      <td>id=ssoButton</td>
      <td></td>
    </tr>
  </tbody>
</table>
</body>
</html>]]></data>
          <regex><![CDATA[tri]]></regex>
        </seleniumScript>
      </formRecord>
      <comments>
        <set>
          <Comment><contents><![CDATA[some comments]]></contents></Comment>
        </set>
      </comments>
    </WebAppAuthRecord>
  </data>
</ServiceRequest>

Example 3: Create server authentication
POST Request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/webappauthrecord" < file.xml
Note: "file.xml" contains the request POST data.

Request POST Data
<ServiceRequest>
  <data>
    <WebAppAuthRecord>
      <name><![CDATA[server auth]]></name>
      <serverRecord>
        <sslOnly>true</sslOnly>
        <certificate>
          <name><![CDATA[My Certificate]]></name>
          <contents><![CDATA[
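The form-record examples in this chapter show the two halves of the secured flag: a field created with secured=true is a credential the service stores protected, while secured=false leaves the value as ordinary text. The Selenium example above embeds its password directly in the script body. The following is an added example written for this page, not code from the Qualys guide: it builds the Create authentication record request for a form record from a list of fields, refuses to emit a field whose name looks like a credential unless it is marked secured, and redacts secured values before the request is written to a log. Element names follow the guide's WebAppAuthRecord/formRecord/fields/set/WebAppAuthFormRecordField example; the form type STANDARD and the field-name pattern are assumptions for the example.

```python
"""Build a WAS form authentication record, forcing secret fields to secured=true.

Added example for this page, not the Qualys guide's own code. Element names
follow the guide's Create authentication record examples; the STANDARD form
type and the credential name pattern below are assumptions.
"""
import re
import xml.etree.ElementTree as ET

# Field names that should never be stored with secured=false (assumed pattern).
SECRET_FIELD = re.compile(r"(pass(word|wd)?|pwd|secret|token|otp)", re.I)


def build_form_auth_record(record_name, fields, form_type="STANDARD", enforce=True):
    """fields: iterable of (name, value, secured) tuples.

    With enforce=True a field whose name matches SECRET_FIELD but is marked
    secured=False raises, so a credential cannot be stored unmasked by mistake.
    Returns the ServiceRequest body as bytes, ready to POST with
    content-type: text/xml to /qps/rest/3.0/create/was/webappauthrecord.
    """
    root = ET.Element("ServiceRequest")
    rec = ET.SubElement(ET.SubElement(root, "data"), "WebAppAuthRecord")
    ET.SubElement(rec, "name").text = record_name
    form = ET.SubElement(rec, "formRecord")
    ET.SubElement(form, "type").text = form_type
    fset = ET.SubElement(ET.SubElement(form, "fields"), "set")
    for name, value, secured in fields:
        if enforce and SECRET_FIELD.search(name) and not secured:
            raise ValueError(f"field {name!r} looks like a credential but secured=false")
        field = ET.SubElement(fset, "WebAppAuthFormRecordField")
        ET.SubElement(field, "name").text = name
        ET.SubElement(field, "value").text = value
        ET.SubElement(field, "secured").text = "true" if secured else "false"
    # ElementTree escapes '<' and '&' in text, which the service accepts in
    # place of the CDATA sections the guide's examples use.
    return ET.tostring(root, encoding="utf-8")


def redact_for_log(xml_bytes):
    """Copy of the request with every secured field's value masked, for logging."""
    root = ET.fromstring(xml_bytes)
    for field in root.iter("WebAppAuthFormRecordField"):
        if field.findtext("secured") == "true":
            field.find("value").text = "***"
    return ET.tostring(root, encoding="utf-8")


def demo():
    """Build a record from constructed sample fields and show the refusal path."""
    request = build_form_auth_record(
        "portal login",
        [("username", "scanner-svc", False), ("password", "s3cret-value", True)],
    )
    try:
        build_form_auth_record("bad", [("password", "plain", False)])
        refused = False
    except ValueError:
        refused = True
    return {"request": request, "log_copy": redact_for_log(request), "refused": refused}


if __name__ == "__main__":
    print(demo()["log_copy"].decode())
```

The redacted copy is what should reach logs or tickets; the unredacted bytes go only to the API call. Keep the enforce check on in automation and disable it deliberately for the one-off case where a non-secret field happens to match the pattern.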
Chapter 6 Report API: Search reports

      <status>COMPLETE</status>
      <size>124578</size>
      <creationDate>2011-11-25T10:21:25Z</creationDate>
      <tags><count>0</count></tags>
      <owner>
        <id>123056</id>
        <username>username</username>
        <firstName><![CDATA[John]]></firstName>
        <lastName><![CDATA[Smith]]></lastName>
      </owner>
    </Report>
    <Report>
      <id>1282</id>
      <name><![CDATA[Web Application Report 3]]></name>
      <type>WAS_WEBAPP_REPORT</type>
      <format>PDF</format>
      <status>COMPLETE</status>
      <size>12341234</size>
      <creationDate>2011-11-24T00:00:00Z</creationDate>
      <tags><count>0</count></tags>
      <owner>
        <id>123056</id>
        <username>username</username>
        <firstName><![CDATA[John]]></firstName>
        <lastName><![CDATA[Smith]]></lastName>
      </owner>
    </Report>
  </list>
</data>
<isDone>true</isDone>
<responseCode>SUCCESS</responseCode>
<responseErrorDetails><internalErrorCodeId>0</internalErrorCodeId></responseErrorDetails>
</ServiceResponse>
107. artDate>2012-08-28T08:53:43Z</startDate>
<endDate>2012-10-28T08:53:43Z</endDate>
</scanDate>
<url><![CDATA[mysite.fr]]></url>
<os><![CDATA[unix]]></os>
</filters>
</catalogReport>
</config>
</Report></data></ServiceRequest>

Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data><Report><id>5629</id></Report></data>
</ServiceResponse>

Chapter 7 Report Creation API: Reference: Report Creation
The Report config element includes sub-elements used to define a web application report type. A reference of these elements is provided below. An asterisk indicates a complex element.
Element (data type): Description
name (Text): A report name, maximum 256 characters. Applies to all reports.
target: A report target. Applies to all reports. Example for a web application report:
<target><tags><tag><id>1234</id></tag></tags><webapps><WebApp><id>2345</id>
108. ata
<ServiceRequest><filters><Criteria field="webApp.tags" operator="NONE"></Criteria></filters></ServiceRequest>

Example 2: Count web applications with certain tags (POST)
Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @file.xml "https://qualysapi.qualys.com/qps/rest/3.0/count/was/wasscanschedule"
Note: "file.xml" contains the request POST data.
Request POST Data:
<ServiceRequest><filters>
<Criteria field="webApp.tags.id" operator="EQUALS">1516928</Criteria>
<Criteria field="webApp.tags.id" operator="EQUALS">1234567</Criteria>
</filters></ServiceRequest>

Chapter 5 Schedule API: Search schedules
Returns a list of scheduled scans on web applications which are in the user's scope.
URL: https://qualysapi.qualys.com/qps/rest/3.0/search/was/wasscanschedule
Methods allowed: POST
Input: Allowed input elements are listed below. The associated data type for each element appears in parentheses. These elements are optional and act as filters. When multiple elements are specified, parameters are combined using a logical AND. All dates must be entered in UTC date/time format. See Reference: WasScanSchedule for descriptions of these <WasScanSchedule> elements.
id (Integer)
webApp.tags
109. ata></ServiceRequest>
Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data><WasScan><id>224466</id></WasScan></data>
</ServiceResponse>

Example 3: Launch a new scan, set cancel scan option
Launch a new vulnerability scan on web app ID 2376280 and set the cancel scan option to DEFAULT. This forces the use of the target web app's cancelScans option, if set.
Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @file.xml "https://qualysapi.qualys.com/qps/rest/3.0/launch/was/wasscan"
Note: "file.xml" contains the request POST data.

Chapter 4 Scan API: Launch a new scan
Request POST Data:
<ServiceRequest><data><WasScan>
<name><![CDATA[My Vulnerability Scan]]></name>
<type>VULNERABILITY</type>
<target>
<webApp><id>2376280</id></webApp>
<scannerAppliance><type>EXTERNAL</type></scannerAppliance>
<cancelOption>DEFAULT</cancelOption>
</target>
</WasScan></data></Se
110. ate (Date)
owner.id (Integer)
updatedDate (Date)
Permissions: User must have the WAS application enabled. User must have "API Access" permission. User must have "Edit WAS Schedule" permission. Scan target must be within the user's scope.

Chapter 5 Schedule API: Activate an existing schedule
Example: Activate a schedule (POST)
Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @file.xml "https://qualysapi.qualys.com/qps/rest/3.0/update/was/wasscanschedule/1688"
Note: "file.xml" contains the request POST data.
Request POST Data:
<ServiceRequest><data><WasScanSchedule><active>true</active></WasScanSchedule></data></ServiceRequest>
Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data><WasScanSchedule><id>1688</id></WasScanSchedule></data>
</ServiceResponse>

Chapter 5 Schedule API: Deactivate an existing schedule
Deactivate one or more sched
111. ate>
<updatedBy><id>4354</id><username>username</username><firstName><![CDATA[John]]></firstName><lastName><![CDATA[Smith]]></lastName></updatedBy>
</WebAppAuthRecord></data></ServiceResponse>

Chapter 3 Authentication API: Create a new authentication record
Create a new authentication record.
URL: https://qualysapi.qualys.com/qps/rest/3.0/create/was/webappauthrecord
Methods allowed: POST
Input: The required input elements are listed below. The associated data type for each element appears in parentheses.
Required Elements: name (Text), WebAuthRecord (Text)
Optional Elements: tags, comments
Permissions: User must have the WAS application enabled. User must have "API Access" permission. User must have "Create Authentication Record" permission.
Example
Example 1: Create standard authentication (POST)
Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @file.xml "https://qualysapi.qualys.com/qps/rest/3.0/create/was/webappauthrecord"
Note: "file.xml" contains the request POST data.
Request POST Data:
<ServiceRequest><data><WebAppAuthRecord>
<name><![CDATA[STANDARD auth]]></name>
<formRecord>
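The two authentication-record shapes this page shows (a formRecord whose seleniumScript carries a Selenium HTML table with the login password in clear text, and a serverRecord with sslOnly and a certificate) are easy to get subtly wrong by hand: the password ends up in a world-readable file.xml, and any free-text value containing "]]>" terminates its CDATA section and corrupts the request. The Python below is an added example, not Qualys' own code. It builds both request bodies, takes the credential from the environment, keeps "]]>" literal by splitting the CDATA section, HTML-escapes the values placed in the Selenium table cells, and writes the file with owner-only permissions. The login path (/login), the USERNAME locator and the environment variable names are assumptions; the fragment on this page shows only the seleniumScript part of a formRecord, so any further elements the full reference requires must be added by the caller.

```python
"""Build create/was/webappauthrecord POST bodies (added example, not Qualys code)."""
import html
import os
import xml.etree.ElementTree as ET


def cdata(text):
    """CDATA section; a literal ']]>' is split across two sections so it survives intact."""
    return "<![CDATA[" + text.replace("]]>", "]]]]><![CDATA[>") + "]]>"


def selenium_login_script(username, password):
    """Selenium HTML table in the layout the guide's formRecord example uses.
    The /login path and the USERNAME locator are assumed; cell values are HTML-escaped."""
    u, p = html.escape(username, quote=True), html.escape(password, quote=True)
    return ("<html><body><table><tbody>\n"
            "<tr><td>open</td><td>/login</td><td></td></tr>\n"
            f"<tr><td>type</td><td>name=USERNAME</td><td>{u}</td></tr>\n"
            f"<tr><td>type</td><td>name=PASSWORD</td><td>{p}</td></tr>\n"
            "<tr><td>clickAndWait</td><td>id=ssoButton</td><td></td></tr>\n"
            "</tbody></table></body></html>")


def form_auth_record(name, selenium_html, success_regex, comment=None):
    """ServiceRequest for a form record driven by a Selenium script."""
    comments = (f"<comments><set><Comment><contents>{cdata(comment)}</contents></Comment></set></comments>"
                if comment else "")
    return ("<ServiceRequest><data><WebAppAuthRecord>"
            f"<name>{cdata(name)}</name>"
            "<formRecord><seleniumScript>"
            f"<data>{cdata(selenium_html)}</data>"
            f"<regex>{cdata(success_regex)}</regex>"
            "</seleniumScript></formRecord>"
            f"{comments}</WebAppAuthRecord></data></ServiceRequest>")


def server_auth_record(name, cert_name, cert_pem, ssl_only=True):
    """ServiceRequest for a server record: sslOnly plus a named client certificate (PEM text)."""
    return ("<ServiceRequest><data><WebAppAuthRecord>"
            f"<name>{cdata(name)}</name>"
            f"<serverRecord><sslOnly>{'true' if ssl_only else 'false'}</sslOnly>"
            f"<certificate><name>{cdata(cert_name)}</name><contents>{cdata(cert_pem)}</contents></certificate>"
            "</serverRecord></WebAppAuthRecord></data></ServiceRequest>")


def parsed_field(body, path):
    """What the API will see for one element, i.e. the text after XML parsing."""
    return ET.fromstring(body).findtext(path)


def write_private(path, body):
    """Create file.xml readable only by its owner; refuse to overwrite an existing file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(body)


if __name__ == "__main__":
    user = os.environ["WAS_FORM_USER"]            # assumed variable names; never put the
    secret = os.environ["WAS_FORM_PASSWORD"]      # password on the command line or in the script
    body = form_auth_record("STANDARD auth", selenium_login_script(user, secret),
                            "Welcome", comment="some comments")
    write_private("file.xml", body)
```

Because the generated file.xml holds a live credential, delete it once the record is created; the API stores the record and the file has no further use.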
112. ate/time format.
id (Integer)
qid (Integer)
name (Text)
type (Keyword): VULNERABILITY, SENSITIVE_CONTENT or INFORMATION_GATHERED
url (Text)
webapp.tags.id (Integer)
webapp.tags.name (Text)
status (Keyword): NEW, ACTIVE or REOPENED
patch (Integer/Long)
webapp.id (Integer)
webapps.name (Text)
severity (Integer)
externalRef (String). Tip: Use operator IS EMPTY for findings with empty external references.
ignoredDate (Date)
ignoredReason (Keyword): FALSE_POSITIVE, RISK_ACCEPTED or NOT_APPLICABLE
group (Keyword): XSS, SQL, INFO, PATH, CC, SSN_US or CUSTOM
owasp.name (Text)
owasp.code (Integer)
wasc.name (Text)
wasc.code (Integer)
cwe.id (Integer)
firstDetectedDate (Date)
lastDetectedDate (Date)
lastTestedDate (Date)
timesDetected (Integer)

Chapter 9 Finding API: Current finding count
Allowed Operators:
Integer: EQUALS, NOT EQUALS, GREATER, LESSER, IN
Text: CONTAINS, EQUALS, NOT EQUALS, IS EMPTY (use with externalRef only)
Date: EQUALS, NOT EQUALS, GREATER, LESSER
Keyword: EQUALS, NOT EQUALS, IN
Boolean (true/false): EQUALS, NOT EQUALS
Permissions: The WAS application must be enabled in the user's account. User must have "API Access" permission. Count includes findings on web applications within the user's scope.
Example
Example 1: Count, no criteria (GET)
Return the n
113. ation type. Vulnerabilities that have at least one authentication type can be detected in two ways: 1) remotely, without using authentication, and 2) using authentication.
discovery_auth_types={value} (Optional): Used to filter the XML output to show only vulnerabilities having one or more authentication types. A valid value is: Windows, Oracle, Unix or SNMP. Multiple values are entered as a comma-separated list.
show_pci_reasons={0|1} (Optional): Used to filter the XML output to show reasons for passing or failing PCI compliance (when the CVSS Scoring feature is turned on in the user's subscription). Specify 1 to view the reasons in the XML output. When unspecified, the reasons are not included in the XML output.

Chapter 1 Welcome: How to Download Vulnerability Details
Sample API Requests
These sample requests work on Qualys US Platform 1, where the FQDN in the API server URL is qualysapi.qualys.com. Please be sure to replace the FQDN with the proper API server URL for your platform. For the EU platform use qualysapi.qualys.eu. For a partner platform use the URL for your customer platform API server.
Sample 1: Request all vulnerabilities in the KnowledgeBase, showing basic details
curl -k -u "user:password" -H "X-Requested-With: Curl" -X POST -d "action=list" "https://qualysapi.qualys.com/api/2.0/fo/knowledge_base/vuln/" > output.txt
Sample 2: Request patchable vulnerabi
114. ator (Keyword): NONE, SUCCESSFUL, FAILED or PARTIAL
webApp.tags.id (Integer)
resultsStatus (Keyword): NOT_USED, TO_BE_PROCESSED, NO_HOST_ALIVE, NO_WEB_SERVICE, TIME_LIMIT_EXCEEDED, SCAN_RESULTS_INVALID, SUCCESSFUL, PROCESSING
reference (Text)

Chapter 4 Scan API: Search scans
Allowed Operators:
Integer: EQUALS, NOT EQUALS, GREATER, LESSER, IN
Text: CONTAINS, EQUALS, NOT EQUALS
Date: EQUALS, NOT EQUALS, GREATER, LESSER
Keyword: EQUALS, NOT EQUALS, IN
Boolean (true/false): EQUALS, NOT EQUALS
Permissions: User must have the WAS application enabled. User must have "API Access" permission. Output includes scans on web applications within the user's scope.
Examples
Example 1: List running scans (POST)
Return a list of all running scans in the user's account.
Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @file.xml "https://qualysapi.qualys.com/qps/rest/3.0/search/was/wasscan"
Note: "file.xml" contains the request POST data.
Request POST Data:
<ServiceRequest><filters><Criteria field="status" operator="EQUALS">RUNNING</Criteria></filters></ServiceRequest>
Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
Chapter 4
115. b.myapp.com/startingUri?param=true]]></Url>
<Url><![CDATA[http://corp1.myapp.com/startingUri?param=true&amp;param2=false]]></Url>
<Url><![CDATA[http://corp1.myapp.com]]></Url>
<Url><![CDATA[http://corp1.myapp.com/startingUri?param=true]]></Url>
<Url><![CDATA[http://corp2.ab.myapp.com]]></Url>
Chapter 2 Web Application API: Create a web application
<Url><![CDATA[https://corp2.ab.myapp.com]]></Url>
<Url><![CDATA[http://corp2.ab.myapp.com]]></Url>
<Url><![CDATA[https://corp2.ab.myapp.com:443]]></Url>
<Url><![CDATA[http://corp1.myapp.com/startingUri]]></Url>
<Url><![CDATA[https://corp1.myapp.com:443]]></Url>
<Url><![CDATA[http://corp2.ab.myapp.com/startingUri]]></Url>
<Url><![CDATA[http://corp1.myapp.com:8080]]></Url>
<Url><![CDATA[https://corp2.ab.myapp.com:8080/otherUri]]></Url>
<Url><![CDATA[https://corp1.myapp.com]]></Url>
<Url><![CDATA[http://corp2.ab.myapp.com/startingUri]]></Url>
<Url><![CDATA[http://corp2.ab.myapp.com:443/startingUri?param=true&amp;param2=false]]></Url>
</list></uris>
<attributes><count>3</count><list>
116. bAppAuthRecord>
<id>82605</id>
<name><![CDATA[Form Only]]></name>
<owner><id>630926</id><username>username</username><firstName><![CDATA[John]]></firstName><lastName><![CDATA[Smith]]></lastName></owner>
<tags><count>3</count></tags>
<createdDate>2013-10-24T04:32:14Z</createdDate>
<updatedDate>2013-10-24T07:45:05Z</updatedDate>
</WebAppAuthRecord>
<WebAppAuthRecord><id>82606</id></WebAppAuthRecord>
<WebAppAuthRecord><id>82607</id>
Chapter 3 Authentication API: Search authentication records
</WebAppAuthRecord></data></ServiceResponse>

Example 2: Search, criteria (POST)
Return authentication record ID 82605.
Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @file.xml "https://qualysapi.qualys.com/qps/rest/3.0/search/was/webappauthrecord"
Note: "file.xml" contains the request POST data.
Request POST Data:
<ServiceRequest><filters><Criteria field="id" operator="EQUALS">82605</Criteria></filters></ServiceRequest>

Chapter 3 Authentication API: Get details for an authent
117. bility. Several optional parameters allow you to specify filters. When filter parameters are specified, these parameters are ANDed.
Parameter: Description
action=list (Required): A flag used to request the download of vulnerability data from the KnowledgeBase.
echo_request={0|1} (Optional): Show (echo) the request's input parameters (names and values) in the XML output. When unspecified, parameters are not included in the XML output. Specify 1 to view parameters in the XML output.
details={Basic|All|None} (Optional): Show the requested amount of information for each vulnerability in the XML output. A valid value is: Basic (default), All or None. Basic includes basic elements plus CVSS Base and Temporal scores. All includes all vulnerability details, including the Basic details.
Chapter 1 Welcome: How to Download Vulnerability Details
ids={value} (Optional): Used to filter the XML output to include only vulnerabilities that have QID numbers matching the QID numbers you specify.
id_min={value} (Optional): Used to filter the XML output to show only vulnerabilities that have a QID number greater than or equal to a QID number you specify.
id_max={value} (Optional): Used to filter the XML output to show only vulnerabilities that have a QID number less than or equal to a QID number you specify.
is_patchable={0|1} (Optional): Us
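The KnowledgeBase download parameters above (action=list, echo_request, details, ids, id_min, id_max, is_patchable, discovery_auth_types, show_pci_reasons) have constraints the server will only report after a round trip: fixed enumerations, 0/1 flags, and an id_min/id_max pair that can describe an empty range. The Python below is an added example, not Qualys' own code. It validates a parameter set client-side, URL-encodes it as the POST body, and prints an equivalent curl command. Two things differ deliberately from the sample curl line in this chapter: the credentials are read from environment variables rather than typed on the command line (where they would land in shell history and be visible to other users via the process list), and the -k flag is omitted, because -k disables verification of the API server's TLS certificate and turns the basic-auth credentials into something any on-path attacker can read. The variable names QUALYS_USER and QUALYS_PASS are assumptions.

```python
"""Build and validate a knowledge_base/vuln?action=list request (added example, not Qualys code)."""
import urllib.parse

VALID_DETAILS = {"Basic", "All", "None"}
VALID_AUTH_TYPES = {"Windows", "Oracle", "Unix", "SNMP"}
FLAG_PARAMS = ("echo_request", "is_patchable", "show_pci_reasons")   # each takes 0 or 1


def kb_list_params(details="Basic", ids=None, id_min=None, id_max=None,
                   discovery_auth_types=None, **flags):
    """Return the form parameters for action=list; raise ValueError on input the guide disallows."""
    if details not in VALID_DETAILS:
        raise ValueError(f"details must be one of {sorted(VALID_DETAILS)}")
    params = {"action": "list", "details": details}
    if ids:
        params["ids"] = ",".join(str(int(q)) for q in ids)      # QIDs as a comma-separated list
    if id_min is not None:
        params["id_min"] = str(int(id_min))
    if id_max is not None:
        params["id_max"] = str(int(id_max))
    if id_min is not None and id_max is not None and int(id_min) > int(id_max):
        raise ValueError("id_min is greater than id_max; the range is empty")
    if discovery_auth_types:
        unknown = set(discovery_auth_types) - VALID_AUTH_TYPES
        if unknown:
            raise ValueError(f"unknown discovery_auth_types: {sorted(unknown)}")
        params["discovery_auth_types"] = ",".join(discovery_auth_types)
    for name, value in flags.items():
        if name not in FLAG_PARAMS or value not in (0, 1):
            raise ValueError(f"{name} must be one of {FLAG_PARAMS} with value 0 or 1")
        params[name] = str(value)
    return params


def form_body(params):
    """application/x-www-form-urlencoded body, as passed to curl -d."""
    return urllib.parse.urlencode(params)


def curl_command(params, base_url="https://qualysapi.qualys.com"):
    """curl invocation with basic auth taken from the environment; TLS verification stays on (no -k)."""
    return ('curl -u "$QUALYS_USER:$QUALYS_PASS" -H "X-Requested-With: Curl" -X POST '
            f'-d "{form_body(params)}" "{base_url}/api/2.0/fo/knowledge_base/vuln/"')


if __name__ == "__main__":
    # Patchable vulnerabilities with QID >= 100000 that have a Unix or Windows auth type,
    # with PCI reasons included: the kind of pull a remediation team would script.
    print(curl_command(kb_list_params(details="All", id_min=100000, is_patchable=1,
                                      discovery_auth_types=["Unix", "Windows"],
                                      show_pci_reasons=1)))
```

Replace base_url with your platform's API server FQDN (for example qualysapi.qualys.eu on the EU platform), as the page says; the path and parameters are the same on every platform.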
118. canning is enabled for the subscription. When Progressive Scanning is enabled for the subscription, if the progressiveScanning option is not specified during a CREATE request, by default the option will be enabled for the web application.
API request (create):
curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" --data-binary @file.xml "https://qualysapi.qualys.com/qps/rest/3.0/create/was/webapp"
file.xml contains the request POST data:
<ServiceRequest><data><WebApp>
<name><![CDATA[My Web Application]]></name>
<url><![CDATA[http://mywebapp.com]]></url>
<progressiveScanning>false</progressiveScanning>
</WebApp></data></ServiceRequest>

Chapter 10 Progressive Scanning: Web Application API
XML output:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data><WebApp>
<id>1912949</id>
<name><![CDATA[My Web Application]]></name>
<url><![CDATA[http://mywebapp.com]]></url>
<scannerLocked>false</scannerLocked>
<progressiveScanning>false</pro
119. ce" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
<responseCode>SUCCESS</responseCode>
<count>15</count>
</ServiceResponse>

Example 2: Count, criteria (POST)
Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @file.xml "https://qualysapi.qualys.com/qps/rest/3.0/count/was/wasscanschedule"
Note: "file.xml" contains the request POST data.
Request POST Data:
<ServiceRequest><filters><Criteria field="type" operator="EQUALS">DISCOVERY</Criteria></filters></ServiceRequest>
Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
Chapter 5 Schedule API: Current schedule count
<responseCode>SUCCESS</responseCode>
<count>3</count>
</ServiceResponse>

Example 3: Count web applications without tags (POST)
Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @file.xml "https://qualysapi.qualys.com/qps/rest/3.0/count/was/wasscanschedule"
Note: "file.xml" contains the request POST data.
Request POST D
120. ceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data><WasScanSchedule>
<id>325624</id>
<name><![CDATA[My Scan Schedule]]></name>
<owner><id>2086786</id><username>acme_tp16</username><firstName><![CDATA[FIRSTNAME]]></firstName><lastName><![CDATA[LASTNAME]]></lastName></owner>
<active>true</active>
<type>VULNERABILITY</type>
<target>
<webApp>
Chapter 5 Schedule API: Create a schedule
<id>2376281</id>
<name><![CDATA[My Web App]]></name>
<url><![CDATA[http://10.10.26.238]]></url>
</webApp>
<scannerAppliance><type>EXTERNAL</type></scannerAppliance>
<cancelOption>SPECIFIC</cancelOption>
</target>
<progressiveScanning>DEFAULT</progressiveScanning>
<profile><id>332147</id><name><![CDATA[10 links]]></name></profile>
<scheduling>
<startDate>2015-09-30T13:11:00Z</startDate>
<timeZone><code>America/Dawson</code><offset>-07:00</offset></timeZone>
<occu
121. chant" and have an ID greater than 323000.
Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @file.xml "https://qualysapi.qualys.com/qps/rest/3.0/purge/was/webapp"
Note: "file.xml" contains the request POST data.
Request POST data:
<ServiceRequest><filters>
<Criteria field="name" operator="CONTAINS">Merchant</Criteria>
<Criteria field="id" operator="GREATER">323000</Criteria>
Chapter 2 Web Application API: Purge web applications
</filters></ServiceRequest>
Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode>
<count>3</count>
<data>
<WebApp><id>323126</id></WebApp>
<WebApp><id>324256</id></WebApp>
<WebApp><id>323476</id></WebApp>
</data>
</ServiceResponse>

Chapter 2 Web Application API: Reference: WebApp
The <WebApp> element includes sub-elements used to define a web application. A reference of these elements is provided below. An asterisk indicates a comple
122. count>4</count>
<list>
<Tag><id>152743</id><name><![CDATA[Asset Groups]]></name></Tag>
<Tag><id>217118</id><name><![CDATA[AUG 27]]></name></Tag>
<Tag><id>153442</id><name><![CDATA[Malware Domain Assets]]></name></Tag>
<Tag><id>216368</id><name><![CDATA[Asset name rule]]></name></Tag>
</list></tags>
<comments><count>1</count><list>
<Comment><contents><![CDATA[some additional comments]]></contents><createdDate>2013-10-18T17:57:32Z</createdDate>
Chapter 2 Web Application API: Create a web application
</Comment></list></comments>
<isScheduled>false</isScheduled>
<createdBy><id>45941</id><username>username</username><firstName><![CDATA[John]]></firstName><lastName><![CDATA[Smith]]></lastName></createdBy>
<createdDate>2013-10-18T17:57:32Z</createdDate>
<updatedBy><id>45941</id><username>username</username><firstName><![CDATA[John]]></firstName><lastName><![CDATA[Smith]]></lastName></updatedBy>
123. d Time in UTC format
Enumeration: allowed options, separated by comma
Other: Specify criteria value(s) as <type>

Appendix A Error Messages: Sample Messages, Authorization
Sample messages related to authorization errors are shown below (Error Message / Resolution; element validation):
Error message: "You are not authorized to access the application through the API". Resolution: You must be granted the API Access permission in your roles and scopes.
Error message: "You do not have access to module Web Application Scanning required by this API". Resolution: Please contact your account manager to have WAS enabled in your subscription.
Error message: "No data shall be passed for this operation". Resolution: The POST request does not specify a data element.
Error message: "User is not authorized to perform this operation on specified object(s)". Resolution: You must be granted access to these objects in your user scope.
Error message: "Operation(s) does not support search filters". Resolution: Do not provide search filters for this operation.
Error message: "Quota of web application has been exceeded". Resolution: Please check with your account manager to purchase new applications.

Sample Messages, Report Storage Limit
A sample message related to the report storage limit is shown below (Error Message / Resolution; element validation):
Error message: "Your subscription user storage limit of <NB> Mb has been reached". Resolution: Delete existing reports and try again.
Appendix A Error Messages 2
124. date and time of the most recent update of the schedule, in UTC date/time format (YYYY-MM-DDTHH:MM:SSZ).
updatedBy: The user who updated the schedule. Example:
<updatedBy><id>123056</id><username>username</username><firstName><![CDATA[John]]></firstName><lastName><![CDATA[Smith]]></lastName></updatedBy>

Chapter 5 Schedule API: Reference: WasScanSchedule
Element (data type): Description
scheduling: The schedule settings. <cancelAfterNHours> is the number of hours after which the scan task will be cancelled. <cancelTime> is the time at which a scan will be cancelled. <startDate> is the date and time the scan will begin. <timeZone> is the time zone that applies to the schedule. <occurrenceType> defines the frequency of the task: SINGLE, DAILY, WEEKLY or MONTHLY; the matching details go in <occurrence>, as in the example. Example of a weekly scan with the <cancelAfterNHours> option:
<scheduling>
<cancelAfterNHours>11</cancelAfterNHours>
<startDate>2012-02-02T10:10:00Z</startDate>
<timeZone><code>Europe/Paris</code></timeZone>
<occurrenceType>WEEKLY</occurrenceType>
<occurrence>
<weeklyOccurrence>
<everyNWeeks>2</everyNWeeks>
<occurrenceCount>20</occurrenceCount>
<onDays><WeekDay>MONDAY</WeekDay>
125. duleTimeZone><code>America/Dawson</code><offset>-07:00</offset></malwareScheduleTimeZone>
<tags><count>4</count><list>
<Tag><id>1730872</id><name><![CDATA[new tag]]></name></Tag>
<Tag><id>1418973</id><name><![CDATA[Cert Tag]]></name></Tag>
<Tag><id>1693034</id><name><![CDATA[My Tag name]]></name></Tag>
<Tag><id>1693032</id><name><![CDATA[Groovy tag 1]]></name></Tag>
</list></tags>
<comments><count>0</count></comments>
<isScheduled>false</isScheduled>
<lastScan><id>827468</id>
Chapter 2 Web Application API: Get details for a web application
<name><![CDATA[Web Application Vulnerability Scan CUSTOM PARAM TEST]]></name></lastScan>
<createdBy><id>4354</id><username>acme_as</username><firstName><![CDATA[Alex]]></firstName><lastName><![CDATA[Smith]]></lastName></createdBy>
<createdDate>2014-07-24T09:08:49Z</createdDate>
<updatedBy><id>4354</id><username>acme_as</username><firstName><![CD
126. dvOoyBjb29raW UxPWNvb2tpZW9UZTSQgUEhQUOVT Y2VmZzWNjOwOK UOLEPT EyY2IlYzhhNTYwMDR jYWM2MDY2N2MOZTqQO]]></headers>
</request>
<response><![CDATA[HTTP/1.1 200 OK]]></response>
<payloadResponce><offset>232</offset><length>36</length></payloadResponce>
</PayloadInstance>
<PayloadInstance>
<payload><![CDATA[TEST2]]></payload>
<request>
<method><![CDATA[GET]]></method>
<link><![CDATA[http://10.10.26.238/accountcorp/%3Cscript%20src%3Dhttp%3A%2F%2Flocalhost%2F4%20]]></link>
<headers><![CDATA[UmVmZXJlcjogaHROcHM6Ly8xMC4xMC4yNi4yMzgvDOpDb29raWU6IGNvb2tpZTM9Y29va2lld6GhyZWU7IGNvb2tpZTI9Y29va2lldHdvoyBjb29raw UxPWNvb2tpZW9uZTsgUEhQUOVTUOLEPTJJYTMXxOTK5Y2VLYTBmMZIZNDRhMZgyNZEZ MWJmYTAxOwOK]]></headers>
</request>
<response><![CDATA[HTTP/1.1 200 OK]]></response>
<payloadResponce><offset>232</offset><length>36</length></payloadResponce>
</PayloadInstance>
</list></payloads>
Chapter 9 Finding API: Search findings
<Result>
127. e (Date): Filter by created date (UTC date/time format)
updatedDate (Date): Filter by last updated date (UTC date/time format)
usedByWebApps (Boolean, with operator EQUALS or NOT EQUALS): Filter profiles if used / not used by web applications
usedBySchedules (Boolean, with operator EQUALS or NOT EQUALS): Filter profiles if used / not used by scan schedules
owner.id (Long, with operator EQUALS, IN, NOT EQUALS, GREATER or LESSER): Filter profiles based on owner's user ID
owner.name (text, with operator CONTAINS, EQUALS or NOT EQUALS): Filter profiles based on owner's full name (first and last)
owner.username (text, with operator CONTAINS, EQUALS or NOT EQUALS): Filter profiles based on owner's username, like acme_ab3

Chapter 8 Option Profile API: Current option profile count
Allowed Operators:
Integer: EQUALS, NOT EQUALS, GREATER, LESSER, IN
Text: CONTAINS, EQUALS, NOT EQUALS
Date: EQUALS, NOT EQUALS, GREATER, LESSER
Keyword: EQUALS, NOT EQUALS, IN
Boolean (true/false): EQUALS, NOT EQUALS
Permissions: User must have the WAS application enabled. User must have "API Access" permission. Count includes option profiles within the user's scope.
Examples
Example 1: Count, no criteria (GET)
Request:
curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/count/was/optionprofile"
Response:
<?xml version
128. e"><![CDATA[http://rg.whitelist]]></UrlEntry>
<UrlEntry><![CDATA[http://url.whitelist.2.ab.myapp.com]]></UrlEntry>
<UrlEntry regex="false"><![CDATA[http://url.whitelist.3.ab.myapp.com]]></UrlEntry>
</set></urlWhitelist>
<postDataBlacklist><set>
<UrlEntry regex="true"><![CDATA[http://rg.postdatblacklist.ab.myapp.com]]></UrlEntry>
<UrlEntry regex="true"><![CDATA[http://rg.postdatblacklist]]></UrlEntry>
</set></postDataBlacklist>
<comments><set><Comment><contents><![CDATA[some additional comments]]></contents></Comment></set></comments>
</WebApp></data></ServiceRequest>
Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data><WebApp>
<id>1912750</id>
<name><![CDATA[My Web Application]]></name>
Chapter 2 Web Application API: Create a web application
<url><![CDATA[http://www.exam
129. e Duration: Not Available\n Occurs: Every 1 day, End after 1 occurrence (1 remaining)\n Scanner Appliance: my_scanner\n Targets: My Web App None\n Notification: Off\n
SUMMARY:My Web App Scan Schedule (Active)
CREATED:20111128T204534Z
LAST-MODIFIED:20111128T210007Z
SEQUENCE:0
STATUS:CONFIRMED
TRANSP:TRANSPARENT
END:VEVENT
Chapter 5 Schedule API: Download one or more schedules to iCalendar
END:VCALENDAR

Example 2: Download with criteria (POST)
Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @file.xml "https://qualysapi.qualys.com/qps/rest/3.0/download/was/wasscanschedule"
Note: "file.xml" contains the request POST data.
Request POST Data:
<ServiceRequest><filters>
<Criteria field="active" operator="EQUALS">false</Criteria>
<Criteria field="name" operator="CONTAINS">WEEKLY</Criteria>
</filters></ServiceRequest>

Chapter 5 Schedule API: Reference: WasScanSchedule
The <WasScanSchedule> element includes sub-elements used to define a web application scan schedule. A reference of these elements is provided below. An asterisk indicates a complex element.
Element (data
130. e described below.
<baseurl>: The Qualys API server URL that you should use for API requests depends on the platform where your account is located. The base URL for Qualys US Platform 1 is https://qualysapi.qualys.com.
<operation>: The request operation, such as get a list, get a count, search, create and update.
<module>: The API module. For the WAS API the module is "was".
<object>: The module-specific object.
<object_id> (Optional): The module-specific object ID, if appropriate.

Making Requests with an XML Payload
While it is still possible to create simple API requests using the GET method, you can create API requests using the POST method with an XML payload to make an advanced request. The XML payloads can be compared to a scripting language that allows the user to perform multiple actions within one single API request, like adding a parameter to an object and updating another parameter. The XML structure of the payload is described in the XSD files.

Using Curl
Curl is a multi-platform command-line tool used to transfer data using multiple protocols. This tool is supported on many systems, including Windows, Unix, Linux and Mac. In this document Curl is used in the examples to build WAS API requests using the HTTP over SSL (https) protocol, which is required by the Qualys WAS API framework. Want to learn more? Visit http://curl.haxx.se
Chapt
131. e message</message></notification>
Chapter 5 Schedule API: Reference: WasScanSchedule

CHAPTER 6 Report API
The WAS Report API provides a suite of API functions for managing web application reports across the enterprise. These operations are available: Current report count; Search reports; Get report details; Get report status; Download a report; Send an encrypted PDF report; Update a report; Delete one or more existing reports.

Chapter 6 Report API: Current report count
Returns the total number of reports in the user's scope.
URL: https://qualysapi.qualys.com/qps/rest/3.0/count/was/report
Methods allowed: GET, POST
Input: Allowed input elements are listed below. The associated data type for each element appears in parentheses. These elements are optional and act as filters. When multiple elements are specified, parameters are combined using a logical AND. All dates must be entered in UTC date/time format. See Reference: Report for descriptions of these <Report> elements.
id (Integer)
creationDate (Date)
name (Text)
type (Keyword): WAS_SCAN_REPORT, WAS_WEBAPP_REPORT, WAS_SCORECARD_REPORT, WAS_CATALOG_REPORT or DATALIST_REPORT
tags.id (Integer)
format (Keyword): HTML_ZIPPED, HTML_BASE64, PDF, PDF_ENCRYPTED, CSV, XML, POWERPOINT or WORD
tags.n
132. e the WAS application enabled. User must have "API Access" permission. Count includes scans on web applications within the user's scope.
Examples
Example 1: Count, no criteria (GET)
Return a count of all scans in the user's account.
Request:
curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/count/was/wasscan"
Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
<responseCode>SUCCESS</responseCode>
<count>534</count>
</ServiceResponse>

Chapter 4 Scan API: Current scan count
Example 2: Count, criteria (POST)
Return a count of scans that match all the criteria defined in the request POST data: 1) scan name contains the word "Schedule", 2) scan type is VULNERABILITY, 3) the scanned web application contains the word "Merchant", and 4) the scan status is equal to FINISHED.
Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @file.xml "https://qualysapi.qualys.com/qps/rest/3.0/count/was/wasscan"
Note: "file.xml" contains the request POST data.
Request POST Data:
<ServiceRequest><filters><Criteria field="name" operator="CONTAINS">
133. e.xml contains the request POST data. Specify an empty file since no search criteria is being specified.

Example 4: List active schedules (criteria) POST

Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X POST --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/search/was/wasscanschedule" < file.xml
Note: file.xml contains the request POST data.

Request POST Data:
<ServiceRequest>
  <filters>
    <Criteria field="active" operator="EQUALS">true</Criteria>
    <Criteria field="type" operator="EQUALS">VULNERABILITY</Criteria>
  </filters>
</ServiceRequest>

Get schedule details

View details for a scheduled scan on a web application which is in the user's scope. Want to find a schedule ID to use as input? See Search schedules.

URL: https://qualysapi.qualys.com/qps/rest/3.0/get/was/wasscanschedule/<id>
Methods allowed: GET

Input: The element id (Integer) is required, where id identifies a scan.

Permissions: User must have the WAS application enabled. User must have API Access permission. Scan target must be within the user's scope.

Example

Example 1: View schedule details (GET)
Request:
134. e.xml that will be passed to the API request as a POST payload. According to the <lastId> element returned in the first page, you want the next page of results to start with the object ID 124 or greater.

curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X POST --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/search/was/webapp" < file.xml

Request POST Data for Request 2
You'll notice the operator field value is set to 123, which is the value returned in <lastId> of the previous page output. The GREATER operator is a logical "greater than"; it does not mean "greater than or equal to".

<ServiceRequest>
  <filters>
    <Criteria field="name" operator="CONTAINS">Merchant</Criteria>
    <Criteria field="id" operator="GREATER">123</Criteria>
  </filters>
</ServiceRequest>

Setting the Custom Page Size
The service request needs to contain the <preferences> section with the <limitResults> parameter. For the <limitResults> parameter you can enter a value from 1 to 1,000.

<ServiceRequest>
  <filters>
    <Criteria></Criteria>
  </filters>
  <preferences>
    <limitResults>200</limitResults>
  </preferences>
</ServiceRequest>

Authentication
The application must aut
135. ebAppAuthRecord>
        <id>77350</id>
        <name><![CDATA[My Authentication Record]]></name>
      </WebAppAuthRecord>
    </list>
    <useRobots>IGNORE</useRobots>
  </WebApp>
</data>
</ServiceResponse>

Example 3: Create (all criteria) POST
Create a new web application with the name "My Web Application" and the starting URL http://www.example.com. The web application is assigned custom settings as defined in the request POST data.

Request:
curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X POST --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/webapp" < file.xml
Note: file.xml contains the request POST data.

Request POST data:
<ServiceRequest>
  <data>
    <WebApp>
      <name><![CDATA[My Web Application]]></name>
      <url><![CDATA[http://www.example.com]]></url>
      <scope>DOMAINS</scope>
      <domains>
        <set>
          <Domain><![CDATA[corp2.ab.myapp.com]]></Domain>
          <Domain><![CDATA[corp1.myapp.com]]></Domain>
        </set>
      </domains>
      <uris>
        <set>
          <Url><![CDATA[http://corp1.myapp.com]]></Url>
          <Url><![CDATA[http://corp1.myapp.com]]></Url>
136. ed to filter the XML output to show only vulnerabilities that are patchable or not patchable. A vulnerability is considered patchable when a patch exists for it. When 1 is specified, only vulnerabilities that are patchable will be included in the output. When 0 is specified, only vulnerabilities that are not patchable will be included in the output. When unspecified, patchable and unpatchable vulnerabilities will be included in the output.

last_modified_after={date} (Optional): Used to filter the XML output to show only vulnerabilities last modified after a certain date and time. When specified, vulnerabilities last modified by a user or by the service will be shown. The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT).

last_modified_before={date} (Optional): Used to filter the XML output to show only vulnerabilities last modified before a certain date and time. When specified, vulnerabilities last modified by a user or by the service will be shown. The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT).

last_modified_by_user_after={date} (Optional): Used to filter the XML output to show only vulnerabilities last modified by a user after a certain date and time. The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT).

last_modified_by_user_before={date} (Optional): Used to filter the XML output to show only vulnerabilities last modified by a user before a certain date and time.
137. ents in our API. Therefore these characters will be replaced in the base64 contents: ... will be replaced with "_", ... will be replaced with ...

Input: The element id (Integer) is required, where id identifies a web application.

Permissions: User must have the WAS application enabled. User must have API Access permission. Web application must be within the user's scope.

Example: Details (criteria) GET
View details for the web application with the ID 95345.

Request:
curl -n -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/get/was/webapp/2130421"

Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WebApp>
      <id>2130421</id>
      <name><![CDATA[CUSTOM PARAM TEST]]></name>
      <url><![CDATA[https://funkytown.acme01.acme.com/Forms/FormFields/temp]]></url>
      <os>Linux 2.4-2.6 / Embedded Device / F5 Networks Big-IP / Linux 2.6</os>
      <owner>
        <id>4354</id>
        <username>
138. eport
Create a web application report in encrypted PDF format, setting both tags and web applications for the target.

Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X POST --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/report" < file.xml
Note: file.xml contains the request POST data.

Request POST Data:
<ServiceRequest>
  <data>
    <Report>
      <name><![CDATA[API Web Application Report]]></name>
      <description><![CDATA[Encrypted PDF WebApp report]]></description>
      <format>PDF_ENCRYPTED</format>
      <password>PASSWORD</password>
      <distributionList>
        <set>
          <EmailAddress>email@domain.com</EmailAddress>
        </set>
      </distributionList>
      <type>WAS_WEBAPP_REPORT</type>
      <config>
        <webAppReport>
          <target>
            <tags>
              <Tag><id>7821676</id></Tag>
            </tags>
            <webapps>
              <WebApp><id>28510007</id></WebApp>
            </webapps>
          </target>
          <display>
            <contents>
              <WebAppReportContent>DESCRIPTION</WebAppReportContent>
              <WebAppReportContent>SUMMARY</WebAppReportContent>
              <WebAppReportContent>GRAPHS</WebAppReportContent>
              <WebAppReportContent>
139. er's scope.

Example 1: Download results of a scan
Download the results of the scan with the ID 174726.

Request:
curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/download/was/wasscan/174726"

Response:
<?xml version="1.0" encoding="UTF-8"?>
<WasScan xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
  <id>174726</id>
  <name><![CDATA[My Web Application Scan]]></name>
  <reference>was/1328563860860.218807</reference>
  <type>VULNERABILITY</type>
  <mode>API</mode>
  <target>
    <webApp>
      <id>952835</id>
      <name><![CDATA[My Web Application]]></name>
      <url><![CDATA[https://example.com]]></url>
    </webApp>
    <scannerAppliance>
      <type>INTERNAL</type>
      <friendlyName><![CDATA[is_quays_tc321]]></friendlyName>
    </scannerAppliance>
  </target>
  <profile>
    <id>6714</id>
    <name><![CDATA[Initial WAS Options]]></name>
  </profile>
  <options>
    <count>10</count>
    <list>
      <WasScanOption>
        <name>Detection Scope</name>
        <value>COMPLETE</value>
      </Wa
140. er) is required, where id identifies an authentication record.

Permissions: User must have the WAS application enabled. User must have API Access permission. The authentication record must be within the user's scope.

Example: Update authentication record settings (POST)
Update the settings for authentication record ID 82605.

Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X POST --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/update/was/webappauthrecord/82605" < file.xml
Note: file.xml contains the request POST data.

Request POST Data:
<ServiceRequest>
  <data>
    <WebAppAuthRecord>
      <name><![CDATA[Form and Server Auth]]></name>
      <serverRecord>
        <sslOnly>true</sslOnly>
        <fields>
          <set>
            <WebAppAuthServerRecordField>
              <type>DIGEST</type>
              <domain>realm</domain>
              <username><![CDATA[u]]></username>
              <password>p</password>
            </WebAppAuthServerRecordField>
          </set>
        </fields>
      </serverRecord>
      <formRecord>
        <type>STANDARD</type>
        <sslOnly>true</sslOnly>
        <fields>
          <set>
            <WebAppAuthFormRecordField>
              <name>username</name>
              <value>Login</value>
            <
141. The following Curl options are used according to different situations.

Option | Description
-u "LOGIN:PASSWORD" | This option is used for basic authentication.
-X "POST" | This option is used to provide a method other than the default method (GET).
-H "content-type:" | This option is used to provide a custom HTTP request header parameter for content type, to specify the MIME type of the curl's payload.
--data-binary | This option is used to specify the POST data. See the examples below.

The sample below shows a typical Curl request using the options mentioned above and how they interact with each other. The option -X "POST" tells Curl to execute the request using the HTTP POST method. The option --data-binary @- tells Curl to read the POST data from its standard input (stdin). The string "< file.xml" is interpreted by the shell to redirect the content of the file to the stdin of the command. The option -H "content-type: text/xml" tells Curl the POST data in file.xml is XML in text format.

curl -H "content-type: text/xml" -X POST --data-binary @- "https://example.com" < file.xml

This documentation uses Curl examples showing the POST data in the file.xml file. This is referred to as "Request POST Data". This can also be referred to as the "Payload".
142. esponseCode>
</ServiceResponse>

Search reports

Returns a list of reports which are in the user's scope.

URL: https://qualysapi.qualys.com/qps/rest/3.0/search/was/report
Methods allowed: POST

Input: Allowed input elements are listed below. The associated data type for each element appears in parentheses. These elements are optional and act as filters. When multiple elements are specified, parameters are combined using a logical AND. All dates must be entered in UTC date/time format. See Reference: Report for descriptions of these <Report> elements.
- id (Integer)
- creationDate (Date)
- name (Text)
- type (Keyword: WAS_SCAN_REPORT, WAS_WEBAPP_REPORT, WAS_SCORECARD_REPORT, WAS_CATALOG_REPORT or DATALIST_REPORT)
- tags
- format (Keyword: HTML_ZIPPED, HTML_BASE64, PDF, PDF_ENCRYPTED, CSV, XML, POWERPOINT or WORD)
- tags.id (Integer)
- status (Keyword: RUNNING, ERROR or COMPLETE)
- tags.name (Text)

Allowed Operators:
- Integer: EQUALS, NOT EQUALS, GREATER, LESSER, IN
- Text: CONTAINS, EQUALS, NOT EQUALS
- Date: EQUALS, NOT EQUALS, GREATER, LESSER
- Keyword: EQUALS, NOT EQUALS, IN

Permissions: User must have the WAS application enabled. User must have API Access permission. Output includes reports within the user's scope.

Examples
143. esponseCode>
  <count>1</count>
  <data>
    <OptionProfile>
      <id>834275669</id>
    </OptionProfile>
  </data>
</ServiceResponse>

Example 2: Delete multiple option profiles (POST)

Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X POST --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/delete/was/optionprofile" < file.xml
Note: file.xml contains the request POST data.

Request POST Data:
<ServiceRequest>
  <filters>
    <Criteria field="name" operator="CONTAINS">OP</Criteria>
    <Criteria field="updatedDate" operator="LESSER">2014-09-09</Criteria>
  </filters>
</ServiceRequest>

Response:
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>10</count>
  <data>
    <OptionProfile><id>712265669</id></OptionProfile>
    <OptionProfile><id>752265669</id></OptionProfile>
    <OptionProfile><id>752275669</id></OptionProfile>
    <OptionProfile><id>754265669</id></OptionProfile>
    <OptionProfile><id>812685669</id></OptionProfile>
    <OptionProfile><id>824295669</id></OptionProfile>
    <OptionProfile><id>824305669</id></OptionProfile>
    <OptionProfile><id>830265669</id></OptionProfile>
    <OptionProfile>
144. ethods allowed: GET

Input: The element id (Integer) is required, where id identifies a report.

Permissions: User must have the WAS application enabled. User must have API Access permission. Report must be within the user's scope.

Example: Get report status

Request:
curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/status/was/report/1302"

Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse>
  <count>1</count>
  <data>
    <Report>
      <id>1302</id>
      <status>COMPLETE</status>
    </Report>
  </data>
  <responseCode>SUCCESS</responseCode>
</ServiceResponse>

Download a report

Download a report which is in the user's scope.

URL: https://qualysapi.qualys.com/qps/rest/3.0/download/was/report/<id>
Methods allowed: GET

Input: The element id (Integer) is required, where id identifies a report.

Permissions: User must have the WAS application enabled. User must have API Access permission. Report must be within the user's scope.

Example: Get report status

Request:
curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/download/was/report/1302"

Response:
Report ID 1302 will be downloaded in the format
145. ext): The user-defined scan name (maximum 256 characters).

target: The target of the scan. The target includes the web application and authentication records (if any).
<scannerAppliance>: type (Keyword) is set to INTERNAL for a scanner appliance or EXTERNAL for external scanners. If the type is INTERNAL, friendlyName (Text) is the user-defined appliance name.
<cancelOption> set to DEFAULT: Forces the use of the target web app's cancelScans option if set, else falls back to the one passed in to the API while launching the scan.
<cancelOption> set to SPECIFIC: Always uses the cancel scan option passed while launching the scan.

Example:
<target>
  <webApp>
    <id>323126</id>
  </webApp>
  <webAppAuthRecord>
    <id>1054</id>
  </webAppAuthRecord>
  <scannerAppliance>
    <type>Internal</type>
    <friendlyName>dp_scanner</friendlyName>
  </scannerAppliance>
  <cancelOption>DEFAULT</cancelOption>
</target>

type (Keyword): The scan type: VULNERABILITY or DISCOVERY.

profile.id (Integer): The name of the option profile that includes scan settings. The service provides the profile "Initial WAS Options" and we recommend this to get started.

Example:
<profile>
  <name>Initial WAS Options</na
146. gory>
          <value>Business Description Value UPDATED</value>
        </Attribute>
      </update>
    </attributes>
    <defaultProfile>
      <id>1024</id>
    </defaultProfile>
    <defaultScanner>
      <type>INTERNAL</type>
      <friendlyName>SA 123</friendlyName>
    </defaultScanner>
    <urlBlacklist>
      <set>
        <UrlEntry><![CDATA[http://url.blacklist.1.mywebapp.com]]></UrlEntry>
        <UrlEntry regex="false"><![CDATA[http://url.blacklist.2.mywebapp.com]]></UrlEntry>
        <UrlEntry regex="true"><![CDATA[http://rg.blacklist.com]]></UrlEntry>
      </set>
    </urlBlacklist>
    <urlWhitelist>
      <set>
        <UrlEntry><![CDATA[http://url.whitelist.1.mywebapp.com]]></UrlEntry>
        <UrlEntry regex="false"><![CDATA[http://url.whitelist.2.mywebapp.com]]></UrlEntry>
        <UrlEntry regex="true"><![CDATA[http://rg.whitelist.mywebapp.com]]></UrlEntry>
      </set>
    </urlWhitelist>
    <postDataBlacklist>
      <set>
        <UrlEntry regex="true"><![CDATA[http://url.postdatablacklist.1.mywebapp.com]]></UrlEntry>
        <UrlEntry regex="true"><![CDATA[http://url.postdatablacklist.2.mywebapp.com]]></UrlEntry>
        <
147. gressiveScanning>

XML output (error): If Progressive Scanning is not enabled for the subscription, the progressiveScanning element cannot be provided; otherwise an error will be returned.

<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
  <responseCode>INVALID_REQUEST</responseCode>
  <responseErrorDetails>
    <errorMessage>Progressive scanning is not enabled in your subscription</errorMessage>
    <errorResolution>Please check with your account manager to enable this option</errorResolution>
  </responseErrorDetails>
</ServiceResponse>

GET web application: If Progressive Scanning is enabled for the subscription, the progressiveScanning element is displayed in GET call responses. If Progressive Scanning is not enabled for the subscription, the element is not included. For all existing web applications created prior to WAS 4.0, the value will be set to TRUE by default.

API request:
curl -n -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/get/was/webapp/323102"

XML output:
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/
148. > operator="CONTAINS">OP</Criteria>
    <Criteria field="updatedDate" operator="LESSER">2014-09</Criteria>
  </filters>
</ServiceRequest>

Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <hasMoreRecords>false</hasMoreRecords>
  <data>
    <OptionProfile>
      <id>832285669</id>
      <name><![CDATA[My Option Profile]]></name>
      <owner>
        <id>8792415669</id>
        <username>acme_ww</username>
        <firstName><![CDATA[Walter]]></firstName>
        <lastName><![CDATA[White]]></lastName>
      </owner>
      <tags>
        <count>0</count>
      </tags>
      <createdDate>2014-09-08T23:16:07Z</createdDate>
      <updatedDate>2014-09-08T23:16:07Z</updatedDate>
    </OptionProfile>
  </data>
</ServiceResponse>

Get details fo
149. >
      <isDefault>false</isDefault>
      <tags>
        <count>0</count>
      </tags>
      <formSubmission>BOTH</formSubmission>
      <maxCrawlRequests>300</maxCrawlRequests>
      <parameterSet>
        <id>0</id>
        <name><![CDATA[Initial Parameters]]></name>
      </parameterSet>
      <ignoreBinaryFiles>false</ignoreBinaryFiles>
      <performance>LOW</performance>
      <bruteforceOption>MINIMAL</bruteforceOption>
      <comments>
        <count>2</count>
        <list>
          <Comment>
            <contents><![CDATA[some comments]]></contents>
            <author>
              <id>200639085669</id>
              <username>acme_ww</username>
            </author>
          </Comment>
          <Comment>
            <contents><![CDATA[some more comments]]></contents>
            <author>
              <id>200639085669</id>
              <username>acme_ww</username>
            </author>
          </Comment>
        </list>
      </comments>
      <sensitiveContent>
        <creditCardNumber>false</creditCardNumber>
        <socialSecurityNumber>false</socialSecurityNumber>
      </sensitiveContent>
      <createdDate>2014-09-08T22:03:01Z</createdDate>
      <createdBy>
        <id>8792415669</id>
        <username>acme_ww</username>
        <firstName>
150. >
        <UrlEntry><![CDATA[http://url.whitelist.2.xxx.com]]></UrlEntry>
        <UrlEntry regex="true"><![CDATA[http://rg.whitelist.xxx.com]]></UrlEntry>
      </set>
    </urlWhitelist>

postDataBlacklist: The web application URLs for which you want to block form submission (POST data), as this could have unwanted side effects. For each URL specify UrlEntry (Text). The attribute regex (Boolean) can be set to true for a regular expression match.

Example:
<postDataBlacklist>
  <set>
    <UrlEntry regex="true"><![CDATA[http://rg.postdatablacklist.ga.qualys.com]]></UrlEntry>
    <UrlEntry regex="true"><![CDATA[http://rg.postdatablacklist]]></UrlEntry>
  </set>
</postDataBlacklist>

authRecords: The web application authentication records. The WebAppAuthRecords element identifies a set of authentication instances (a combination of form and server types).

Example:
<authRecords>
  <list>
  </list>
  <set>
    <WebAppAuthRecord>
      <name>Name of Record</name>
      <comments>Comments</comments>
      <formRecord>
        <type>STANDARD</type>
        <fields>
</authRecords>

WebAppAuthRecord: Under <authRecords>, this element identifies an authentication record assig
151. >
      </url>
    </webApp>
    <webAppAuthRecord>
      <id>8753</id>
      <name><![CDATA[Auth Record 1]]></name>
    </webAppAuthRecord>
    <scannerAppliance>
      <type>EXTERNAL</type>
    </scannerAppliance>
  </target>
  <profile>
    <id>55784</id>
    <name><![CDATA[Initial WAS Options]]></name>
  </profile>
  <scheduling>
    <startDate>2014-05-06T18:22:00Z</startDate>
    <timeZone>
      <code>America/Dawson</code>
      <offset>-07:00</offset>
    </timeZone>
    <occurrenceType>DAILY</occurrenceType>
    <occurrence>
      <dailyOccurrence>
        <everyNDays>1</everyNDays>
      </dailyOccurrence>
    </occurrence>
  </scheduling>
  <lastScan>
    <id>14929668885</id>
    <launchedDate>2014-05-12T01:22:02Z</launchedDate>
    <status>FINISHED</status>
  </lastScan>
  <createdDate>2014-05-06T23:17:23Z</createdDate>
  <updatedDate>2014-05-13T01:22:02Z</updatedDate>
</WasScanSchedule>

Example 3: List schedules (no criteria) POST

curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X POST --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/search/was/wasscanschedule" < file.xml
Note: fil
152. henticate using Qualys account credentials (user name and password) as part of the HTTP request. The credentials are transmitted using the Basic Authentication Scheme over HTTPS. For more information, see the Basic Authentication Scheme section of RFC 2617: http://www.faqs.org/rfcs/rfc2617.html

The exact method of implementing authentication will vary according to which programming language is used. The allowed methods (POST and/or GET) for each API request are documented with each API call in this user guide.

Basic authentication (recommended option):
curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/count/was/webapp"

where qualysapi.qualys.com is the base URL to the Qualys API server where your account is located.

Base URL to the Qualys API Server

The Qualys API documentation and sample code within it use the API server URL for Qualys US Platform 1: qualysapi.qualys.com. The Qualys API server URL that you should use for API requests depends on the platform where your account is located.

Account Location | API Server URL
Qualys US Platform 1 | https://qualysapi.qualys.com
Qualys US Platform 2 | https://qualysapi.qg2.apps.qualys.com
Qualys EU Platform | https://qualysapi.qualys.eu

How to Download Vulnerabili
153. hentication records are defined. No form or server authentication will be performed.
- No blacklists or whitelists are defined. All directories and sub-directories of the starting URL will be scanned.

Permissions: User must have the WAS application enabled. User must have API Access permission. User must have Create Web Asset permission.

Examples

Example 1: Create (minimum criteria) POST
Create a new web application called "My Web Application" that has the starting URL http://mywebapp.com. The default web application settings are assigned automatically.

Request:
curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X POST --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/webapp" < file.xml
Note: file.xml contains the request POST data.

Request POST data:
<ServiceRequest>
  <data>
    <WebApp>
      <name><![CDATA[My Web Application]]></name>
      <url><![CDATA[http://mywebapp.com]]></url>
    </WebApp>
  </data>
</ServiceRequest>

Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
  <responseCode>SUCCESS</responseCode
154. i:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <Finding>
      <id>1613255669</id>
    </Finding>
  </data>
</ServiceResponse>

CHAPTER 10: Progressive Scanning

Qualys WAS 4.0 introduces Progressive Scanning to improve testing coverage and scheduling flexibility. Progressive Scanning is a limited availability feature, so if you're interested in becoming an early adopter please contact your Technical Account Manager or our Support Team. Learn more.

We've made several updates to the WAS API to support Progressive Scanning; see below for all the details. Users will see these changes only when Progressive Scanning is enabled for their account.
- Web Application API
- Scan API
- Schedule API
- Scan Report

Web Application API

Schema: webapp.xsd
A new progressiveScanning element was added to the WebApp XML element. Expected format is a boolean.

<xs:complexType name="WebApp">
  <xs:all>
    <xs:element name="id" type="xs:long" minOccurs="0"/>
    <xs:element name="progressiveScanning" type="xs:boolean" default="true" minOccurs="0"/>

CREATE/UPDATE web application: The user will be able to set progressiveScanning to true or false if Progressive S
155. <launchedBy>
        <id>2086786</id>
        <username>acme_tp16</username>
        <firstName><![CDATA[FIRSTNAME]]></firstName>
        <lastName><![CDATA[LASTNAME]]></lastName>
      </launchedBy>
      <status>RUNNING</status>
    </WasScan>
  </data>
</ServiceResponse>

Launch a new scan

Launch a scan on a web application which is in the user's scope.

URL: https://qualysapi.qualys.com/qps/rest/3.0/launch/was/wasscan
Methods allowed: POST

Input: Required input elements are listed below. The associated data type for each element appears in parentheses (unless a compound element). See Reference: WasScan for descriptions of these <WasScan> elements.

Required Elements:
- name (Text)
- webApp.id (Integer)
- type (Keyword: DISCOVERY or VULNERABILITY)
- profile.id (Integer)

Optional Elements:
- scannerAppliance
- webAppAuthRecord.id (Integer)
- options
- proxy.id (Integer)
- cancelOption set to DEFAULT: Forces the use of the target web app's cancelScans option if set, else falls back to the one passed in to the API while launching the scan.
- cancelOption set to SPECIFIC: Always uses the cancel scan option passed while launching the scan.

The element profile (Text) is required u
156. ication record

Get details for an authentication record

View details for an authentication record which is in the user's scope. Want to find a record ID to use as input? See Search authentication records.

URL: https://qualysapi.qualys.com/qps/rest/3.0/get/was/webappauthrecord/<id>
Methods allowed: GET

Input: The element id (Integer) is required, where id identifies an authentication record.

Permissions: User must have the WAS application enabled. User must have API Access permission. Authentication record must be within the user's scope.

Example: View details (GET)
View details for authentication record ID 74078.

Request:
curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/get/was/webappauthrecord/74078"

Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webappauthrecord.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WebAppAuthRecord>
      <id>74078</id>
      <name><![CDATA[My Authentication Record]]></name>
      <owner>
        <id>4354</id>
        <username>username</username>
        <fi
157. ication
- Delete web applications
- Purge web applications

Current web application count

Returns the total number of web applications in the user's account. Input elements are optional and are used to filter the number of web applications included in the count.

URL: https://qualysapi.qualys.com/qps/rest/3.0/count/was/webapp
Methods allowed: GET, POST

Input: Allowed input elements are listed below. The associated data type for each element appears in parentheses. These elements are optional and act as filters. When multiple elements are specified, parameters are combined using a logical AND. All dates must be entered in UTC date/time format. See Reference: WebApp for descriptions of all <WebApp> elements.
- id (Integer)
- createdDate (Date)
- name (Text)
- updatedDate (Date)
- url (Text)
- isScheduled (Boolean)
- tags.name (Text)
- isScanned (Boolean)
- tags.id (Integer)
- lastScan.status (Keyword: SUBMITTED, RUNNING, FINISHED, ERROR or CANCELLED)
- lastScan.date (Date)

Allowed Operators:
- Integer: EQUALS, NOT EQUALS, GREATER, LESSER, IN
- Text: CONTAINS, EQUALS, NOT EQUALS
- Date: EQUALS, NOT EQUALS, GREATER, LESSER
- Keyword: EQUALS, NOT EQUALS, IN
- Boolean (true/false): EQUALS, NOT EQUALS

Permissions: User must have the WAS application e
158. <OptionProfile><id>12265669</id></OptionProfile>
<OptionProfile><id>52265669</id></OptionProfile>
<OptionProfile><id>52275669</id></OptionProfile>
<OptionProfile><id>54265669</id></OptionProfile>
<OptionProfile><id>12685669</id></OptionProfile>
<OptionProfile><id>24295669</id></OptionProfile>
<OptionProfile><id>24305669</id></OptionProfile>
<OptionProfile><id>30265669</id></OptionProfile>
<OptionProfile><id>30275669</id></OptionProfile>
<OptionProfile><id>30285669</id></OptionProfile>
</data>
</ServiceResponse>
CHAPTER 9 Finding API
The WAS Finding API provides a suite of API functions that lets you manage the findings (detections) returned from your web application scans. These operations are available: Current finding count, Search findings, Get details of a finding, Ignore findings, Activate findings.
Current finding count
Returns the total number of findings on web application(s) in the user's scope.
URL: https://qualysapi.qualys.com/qps/rest/3.0/count/was/finding
Methods allowed: POST
Input: Allowed input elements are listed below. The associated data type for each element appears in parentheses. These elements are optional and act as filters. When multiple elements are specified, parameters are combined using a logical AND. All dates must be entered in UTC d
159. ilters: Applies to Web Application Report, Scan Report and Catalog Report. Values for Web Application Report and Scan Report: NEW, ACTIVE, REOPENED, FIXED, IGNORED (Web Application Report only). Values for Catalog Report: NEW, ROGUE, APPROVED, REJECTED, SUBSCRIPTION.
filters.showPatched (Keyword): Identifies whether to include/not include findings with virtual patches. Applies to Web Application Report and Scan Report. Values: SHOW_ONLY (show patched findings only), SHOW_BOTH (show patched & unpatched findings, default), SHOW_NONE (show unpatched findings only).
filters.scanDate: Applies to a Scorecard Report and Catalog Report. Example:
<filters><scanDate><startDate>2012-08-28</startDate><endDate>2012-10-28</endDate></scanDate></filters>
filters.scanStatus: Applies to a Scorecard Report. (don't see values in the structure) Example:
<filters><scanStatus>FINISHED</scanStatus></filters>
filters.scanAuthStatus: Applies to a Scorecard Report. (don't see values in the structure) Example:
<filters><scanAuthStatus>SUCCESSFUL</scanAuthStatus></filters>
filters.ip (Text): Applies to a Catalog Report. Example:
<filters><ip><![CDATA[10
160. ins the request POST data.
Request POST Data:
<ServiceRequest><data><OptionProfile><name><![CDATA[My Option Profile with defaults]]></name></OptionProfile></data></ServiceRequest>
Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <OptionProfile>
      <id>832265669</id>
      <name><![CDATA[My Option Profile with defaults]]></name>
      <owner><id>8792415669</id><username>acme_as</username><firstName><![CDATA[Alex]]></firstName><lastName><![CDATA[Smith]]></lastName></owner>
      <isDefault>false</isDefault>
      <tags><count>0</count></tags>
      <formSubmission>BOTH</formSubmission>
      <maxCrawlRequests>300</maxCrawlRequests>
      <parameterSet><id>0</id><name><![CDATA[Initial Parameters]]></name></parameterSet>
      <ignoreBinaryFiles>false</ignoreBinaryFiles>
      <performance>LOW
161. ion="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
  <responseCode>INVALID_REQUEST</responseCode>
  <responseErrorDetails>
    <errorMessage>Progressive scanning is not enabled in your subscription</errorMessage>
    <errorResolution>Please check with your account manager to enable this option</errorResolution>
  </responseErrorDetails>
</ServiceResponse>
GET scan
The progressiveScanning element will be included in the call response if Progressive Scanning is enabled for the subscription. For all scans launched before this feature was enabled, the value false will be returned.
API request:
curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/get/was/wasscan/31397"
XML output:
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WasScan>
      <id>31397</id>
      <name><![CDATA[Relaunch: Relaunch: Web Application Vulnerability Scan - 2014-08-13]]></name>
      <reference>was/1413891468597.1792880</reference>
      <type>VULNERABILITY</type>
      <mode>ONDEMAND</mode>
162. ion>138</testDuration>
  <linksCollected>10</linksCollected>
  <linksCrawled>1</linksCrawled>
  <nbRequests>503</nbRequests>
  <averageResponseTime>0.001554</averageResponseTime>
  <resultsStatus>SUCCESSFUL</resultsStatus>
  <authStatus>NONE</authStatus>
</summary>
<stats>
  <global>
    <nbVulnsTotal>79</nbVulnsTotal>
    <nbVulnsLevel5>24</nbVulnsLevel5>
    <nbVulnsLevel4>0</nbVulnsLevel4>
    <nbVulnsLevel3>3</nbVulnsLevel3>
    <nbVulnsLevel2>18</nbVulnsLevel2>
    <nbVulnsLevel1>34</nbVulnsLevel1>
    <nbScsTotal>0</nbScsTotal>
    <nbScsLevel5>0</nbScsLevel5>
    <nbScsLevel4>0</nbScsLevel4>
    <nbScsLevel3>0</nbScsLevel3>
    <nbScsLevel2>0</nbScsLevel2>
    <nbScsLevel1>0</nbScsLevel1>
    <nbIgsTotal>10</nbIgsTotal>
    <nbIgsLevel5>0</nbIgsLevel5>
    <nbIgsLevel4>0</nbIgsLevel4>
    <nbIgsLevel3>0</nbIgsLevel3>
    <nbIgsLevel2>0</nbIgsLevel2>
    <nbIgsLevel1>10</nbIgsLevel1>
  </global>
  <byGroup>
    <count>3</count>
    <list>
      <GroupStat>
        <group>PATH</group>
        <nbTotal>18</nbTotal>
        <nbLeve
163. ionProfile><id>832265669</id></OptionProfile></data></ServiceResponse>
Example 2: Update multiple settings (POST)
Update multiple option profile settings for option profile ID 832275669.
Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X POST --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/update/was/optionprofile/832275669" < file.xml
Note: "file.xml" contains the request POST data.
Request POST Data:
<ServiceRequest>
  <data>
    <OptionProfile>
      <name><![CDATA[My Option Profile All Fields]]></name>
      <formSubmission>BOTH</formSubmission>
      <maxCrawlRequests>100</maxCrawlRequests>
      <performance>HIGH</performance>
      <bruteforceOption>USER_DEFINED</bruteforceOption>
      <parameterSet><id>15669</id></parameterSet>
      <isDefault>false</isDefault>
      <ignoreBinaryFiles>false</ignoreBinaryFiles>
      <userAgent><![CDATA[Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36]]></userAgent>
      <tags><set><Tag><id>75521225669</id></Tag></set></tags>
      <sensitiveContent>
        <customContents
164. itCardNumber>false</creditCardNumber>
        <socialSecurityNumber>false</socialSecurityNumber>
        <customContents>zip code</customContents>
      </sensitiveContent>
      <createdDate>2014-09-08T22:31:06Z</createdDate>
      <createdBy><id>8792415669</id><username>acme_cg</username><firstName><![CDATA[Cindy]]></firstName><lastName><![CDATA[Green]]></lastName></createdBy>
      <updatedDate>2014-09-08T22:31:07Z</updatedDate>
      <updatedBy><id>8792415669</id><username>acme_cg</username><firstName><![CDATA[Cindy]]></firstName><lastName><![CDATA[Green]]></lastName></updatedBy>
    </OptionProfile>
  </data>
</ServiceResponse>
Update an option profile
Update an option profile which is in the user's scope.
URL: https://qualysapi.qualys.com/qps/rest/3.0/update/was/optionprofile/<id>
Methods allowed: POST
Input: The element id (Integer) is required, where id identifies an option profile. Additional elements are optional and must be supplied in POST XML data. At least one of the following element
165. l5>0</nbLevel5>
        <nbLevel4>0</nbLevel4>
        <nbLevel3>0</nbLevel3>
        <nbLevel2>18</nbLevel2>
        <nbLevel1>0</nbLevel1>
      </GroupStat>
    </list>
  </byGroup>
  <byOwasp>
    <count>4</count>
    <list>
      <OwaspStat>
        <owasp>OWASP A4</owasp>
        <nbTotal>18</nbTotal>
        <nbLevel5>0</nbLevel5>
        <nbLevel4>0</nbLevel4>
        <nbLevel3>0</nbLevel3>
        <nbLevel2>18</nbLevel2>
        <nbLevel1>0</nbLevel1>
      </OwaspStat>
    </list>
  </byOwasp>
  <byWasc>
    <count>5</count>
    <list>
      <WascStat>
        <wasc>WASC 15</wasc>
        <nbTotal>14</nbTotal>
        <nbLevel5>0</nbLevel5>
        <nbLevel4>0</nbLevel4>
        <nbLevel3>2</nbLevel3>
        <nbLevel2>12</nbLevel2>
        <nbLevel1>0</nbLevel1>
      </WascStat>
    </list>
  </byWasc>
</stats>
<vulns>
  <count>79</count>
  <list>
    <WasScanVuln>
      <qid>150081</qid>
      <title><![CDATA[Possible Clickjacking vulnerability]]></title>
      <uri><![CDATA[https://example.com/randomLink-1328558353.9231]]></uri>
      <instances>
        <count>1</count>
        <list
166. lendar and Apple iCal.
URL: https://qualysapi.qualys.com/qps/rest/3.0/download/was/wasscanschedule/<id> or https://qualysapi.qualys.com/qps/rest/3.0/download/was/wasscanschedule/<filters>
Methods allowed: POST
Input: Allowed input elements are listed below. The associated data type for each element appears in parentheses. These elements are optional and act as filters. When multiple elements are specified, parameters are combined using a logical AND. All dates must be entered in UTC date/time format. See Reference: WasScanSchedule for descriptions of these <WasScanSchedule> elements.
id (Integer), type (Keyword: DISCOVERY or VULNERABILITY), name (Text), webApp.name (Text), owner.id, webApp.id (Integer), createdDate (Date), updatedDate (Date), active (Boolean), invalid (Boolean)
Permissions: User must have the WAS application enabled. User must have API Access permission. Scan target must be within the user's scope.
Examples
Example 1: Download single (POST)
Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X POST "https://qualysapi.qualys.com/qps/rest/3.0/download/was/wasscanschedule/1846"
Response:
BEGIN:VCALENDAR
PRODID:-//Qualys Inc//WAS Product//EN
VERSION:2.0
CALSCALE:GREGORIAN
MET
167. lities that have QIDs 1-200, showing all details:
curl -k -u "user:password" -H "X-Requested-With: Curl" -X POST -d "action=list&ids=1-200&is_patchable=1&details=All" "https://qualysapi.qualys.com/api/2.0/fo/knowledge_base/vuln/" > output.txt
Sample 3: Request vulnerabilities that were last modified by the service after July 20, 2011 and that have the remote and authenticated discovery method:
curl -k -u "user:password" -H "X-Requested-With: Curl" -X POST -d "action=list&last_modified_by_service_after=2011-07-20&discovery_method=RemoteAndAuthenticated" "https://qualysapi.qualys.com/api/2.0/fo/knowledge_base/vuln/" > output.txt
XML Output
A KnowledgeBase API request returns XML output using the knowledge_base_vuln_list_output.dtd, which can be found at the following URL, where qualysapi.qualys.com is your API server URL:
https://qualysapi.qualys.com/api/2.0/fo/knowledge_base/vuln/knowledge_base_vuln_list_output.dtd
The DTD for the KnowledgeBase output is described in the Qualys API v2 User Guide in Appendix A.
CHAPTER 2 Web Application API
The WAS Web Application API provides a suite of API functions for managing web applications that you want to scan for security risks. These operations are available: Current web application count, Search web applications, Get details for a web application, Create a web application, Update a web appl
168. loadResponce>
      <offset>232</offset>
      <length>36</length>
    </payloadResponce>
  </PayloadInstance>
  <PayloadInstance>
    <payload><![CDATA[PATH/FILE=test2<![CDATA[TEST>]]></payload>
    <request>
      <method><![CDATA[GET]]></method>
      <link><![CDATA[http://10.10.26.238/accountcorp/%3Cscript%20srce%3Dhttp%3A%2F%2Flocalhost%2F4%20]]></link>
      <headers><![CDATA[UmVmZXJ1cjogaHROcHM6Ly8xMC4xMC4yNi4yMzgvDOpDb29raWU6IGNvb2tpZTM9Y29va2lldGhyZWU7IGNvb2tpZTI9Y29va2lldHdvoyBjb29raWUxPWNvb2tpZW9UZTSQUEhQUOVTUOLEPTBJZWY2OTUZNMISM2MyYTOQO3ZmMyYzZI3NWJmNjI4MDc30w0K]]></headers>
    </request>
    <response><![CDATA[HTTP/1.1 <![CDATA[TEST2> 200 OK]]></response>
    <payloadResponce>
      <offset>232</offset>
      <length>36</length>
    </payloadResponce>
  </PayloadInstance>
  <PayloadInstance>
    <payload><![CDATA[PATH/FILE=test2<![CDATA[TEST>]]></payload>
    <request>
      <method><![CDATA[GET]]></method>
      <link><![CDATA[http://10.10.26.238/accountcorp/%3Cscript%20srce%3Dhttp%3A%2F%2Flocalhost%2F4%20]]></link>
      <headers><![CDATA[UmVmZXJ1cjogaHROcHM6L
169. lowed: GET, POST
Input: Allowed input elements are listed below. The associated data type for each element appears in parentheses. These elements are optional and act as filters. When multiple elements are specified, parameters are combined using a logical AND. All dates must be entered in UTC date/time format. See Reference: WasScanSchedule for descriptions of these <WasScanSchedule> elements.
id (Integer), webApp.name (Text), name (Text), webApp.id (Integer), owner.id (Text), webApp.tags (with operator NONE), createdDate (Date), webApp.tags.id (Integer), updatedDate (Date), active (Boolean), type (Keyword: DISCOVERY or VULNERABILITY), invalid (Boolean)
Allowed Operators: Integer: EQUALS, NOT EQUALS, GREATER, LESSER, IN. Text: CONTAINS, EQUALS, NOT EQUALS. Date: EQUALS, NOT EQUALS, GREATER, LESSER. Keyword: EQUALS, NOT EQUALS, IN. Boolean (true/false): EQUALS, NOT EQUALS.
Permissions: User must have the WAS application enabled. User must have API Access permission. Scan target must be within the user's scope.
Examples
Example 1: Count (no criteria) (GET)
Request:
curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/count/was/wasscanschedule"
Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instan
170. </ServiceRequest>
Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WasScanSchedule><id>1688</id></WasScanSchedule>
  </data>
</ServiceResponse>
Example 2: Update notification to reschedule (POST)
Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X POST --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/update/was/wasscanschedule/171425669" < file.xml
Note: "file.xml" contains the request POST data.
Request POST Data:
<ServiceRequest>
  <data>
    <WasScanSchedule>
      <name><![CDATA[Update Notification to enable Reschedule]]></name>
      <notification>
        <active>true</active>
        <reschedule>true</reschedule>
        <delay><nb>1</nb><scale>DAY</scale></delay>
        <message><![CDATA[A QualysGuard scan is scheduled to start soon]]></message>
      </notification>
    </WasScanSchedule>
  </data>
</ServiceRequest>
Response:
<?xml versi
171. </Url>
<Url><![CDATA[https://corp1.myapp.com]]></Url>
<Url><![CDATA[https://corp1.myapp.com]]></Url>
<Url><![CDATA[https://corp1.myapp.com:443]]></Url>
<Url><![CDATA[https://corp1.myapp.com:443]]></Url>
<Url><![CDATA[http://corp1.myapp.com:8080]]></Url>
<Url><![CDATA[http://corp1.myapp.com/startingUri]]></Url>
<Url><![CDATA[http://corp1.myapp.com/startingUri]]></Url>
<Url><![CDATA[http://corp1.myapp.com/startingUri?param=true]]></Url>
<Url><![CDATA[http://corp1.myapp.com/startingUri?param=true&param2=false]]></Url>
<Url><![CDATA[http://corp1.myapp.com/otherUri]]></Url>
<Url><![CDATA[http://corp1.myapp.com/otherUri?param=1]]></Url>
<Url><![CDATA[http://corp2.ab.myapp.com]]></Url>
<Url><![CDATA[http://corp2.ab.myapp.com]]></Url>
<Url><![CDATA[https://corp2.ab.myapp.com]]></Url>
<Url><![CDATA[https://corp2.ab.myapp.com]]></Url>
<Url><![CDATA[https://corp2.ab.myapp.com:443]]></Url>
<Url><![CDATA[https://corp2.ab.myapp.com:443]]></Url>
<
172. </WebApp></webapps></target>
password (Text): A password for an encrypted PDF report. Applies to all reports.
distributionList: Email addresses for a report distribution list. Applies to all reports. Example:
<distributionList><set><EmailAddress><EMAIL_ADDRESS1></EmailAddress><EmailAddress><EMAIL_ADDRESS2></EmailAddress></set></distributionList>
display.contents: Identifies the report content to display. Values: DESCRIPTION, SUMMARY, GRAPHS, RESULTS, INDIVIDUAL_RECORDS (all reports); RECORD_DETAILS, ALL_RESULTS, APPENDIX (Web Application Report and Scan Report); RESULTS_PAYLOADS (Scan Report). Example for a Scan Report:
<display><contents><ScanReportContent>GRAPHS</ScanReportContent><ScanReportContent>RESULTS</ScanReportContent></contents></display>
display.graphs: Identifies the graphs to display. Applies to all reports. Example for a Scan Report:
<display><graphs><ScanReportGraph>MOST_VULNERABLE_URLS</ScanReportGraph><ScanReportGraph>VULNERABILITIES_BY_SEVERITY</ScanReportGraph><ScanReportGraph>VULNERABILITIES_BY_GROUP</ScanReportGraph><ScanReportGraph
173. </performance>
      <bruteforceOption>MINIMAL</bruteforceOption>
      <comments><count>0</count></comments>
      <sensitiveContent>
        <creditCardNumber>false</creditCardNumber>
        <socialSecurityNumber>false</socialSecurityNumber>
      </sensitiveContent>
      <createdDate>2014-09-08T22:03:01Z</createdDate>
      <createdBy><id>8792415669</id><username>acme_as</username><firstName><![CDATA[Alex]]></firstName><lastName><![CDATA[Smith]]></lastName></createdBy>
      <updatedDate>2014-09-08T22:03:01Z</updatedDate>
      <updatedBy><id>8792415669</id><username>acme_as</username><firstName><![CDATA[Alex]]></firstName><lastName><![CDATA[Smith]]></lastName></updatedBy>
    </OptionProfile>
  </data>
</ServiceResponse>
Example 2: Create (all criteria) (POST)
Create a new option profile with the name "My Option Profile All Fields". The name setting is required in the request data; other settings are optional.
Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X POST --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/optionprofile/" < file.xml
174. </Attribute>
<Attribute><category>Business Function</category><value><![CDATA[some business function]]></value></Attribute>
<Attribute><category>Business Description</category><value><![CDATA[some business description]]></value></Attribute>
<Attribute><category>Business Location</category><value><![CDATA[some business location]]></value></Attribute>
</list>
</attributes>
<defaultProfile><id>90212</id><name><![CDATA[Initial WAS Options]]></name></defaultProfile>
<defaultScanner>
  <type>INTERNAL</type>
  <friendlyName><![CDATA[friendlyname]]></friendlyName>
</defaultScanner>
<scannerLocked>false</scannerLocked>
<urlBlacklist>
  <count>4</count>
  <list>
    <UrlEntry regex="false"><![CDATA[http://url.blacklist.2.ab.myapp.com]]></UrlEntry>
    <UrlEntry regex="false"><![CDATA[http://url.blacklist.3.ab.myapp.com]]></UrlEntry>
    <UrlEntry regex="true"><![CDATA[http://rg.blacklist.ab.myapp.com]]></UrlEntry>
    <UrlEnt
175. <Tag><id>216368</id></Tag>
    <Tag><id>153442</id></Tag>
  </set>
</tags>
<defaultProfile><id>90212</id></defaultProfile>
<defaultScanner>
  <type>INTERNAL</type>
  <friendlyName><![CDATA[friendlyname]]></friendlyName>
</defaultScanner>
<useRobots>BLACKLIST</useRobots>
<useSitemap>true</useSitemap>
<headers><set><WebAppHeader><![CDATA[some headers]]></WebAppHeader></set></headers>
<urlBlacklist>
  <set>
    <UrlEntry regex="true"><![CDATA[http://rg.blacklist.qa.myapp.com]]></UrlEntry>
    <UrlEntry regex="true"><![CDATA[http://rg.blacklist
    <UrlEntry><![CDATA[http://url.blacklist.2.ab.myapp.com]]></UrlEntry>
    <UrlEntry regex="false"><![CDATA[http://url.blacklist.3.qa.myapp.com]]></UrlEntry>
  </set>
</urlBlacklist>
<urlWhitelist>
  <set>
    <UrlEntry regex="true"><![CDATA[http://rg.whitelist.qa.myapp.com]]></UrlEntry>
    <UrlEntry regex="tru
176. <updatedDate>2013-10-18T17:57:32Z</updatedDate>
    </WebApp>
  </data>
</ServiceResponse>
Update a web application
Update a web application configuration in your account.
URL: https://qualysapi.qualys.com/qps/rest/3.0/update/was/webapp/<id>
Methods allowed: POST
Input: The id (Integer) element is required, where id identifies a web application. Additional elements are optional. See Reference: WebApp for descriptions of all <WebApp> elements.
Permissions: User must have the WAS application enabled. User must have API Access permission. User must have Edit Web Asset permission. Web application must be within the user's scope.
Examples
Example 1: Update minimum information (POST)
For the web application with ID 1234, change the name to "My WebApp Name".
Request:
curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X POST --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/update/was/webapp/1234" < file.xml
Note: "file.xml" contains the request POST data.
Request POST data (file.xml):
<ServiceRequest><data><WebApp><name>My WebApp Name</name></WebApp></data></ServiceRequest>
177. lysapi.qualys.com/qps/rest/3.0/update/was/report/1304" < file.xml
Note: "file.xml" contains the request POST data.
Request POST Data:
<ServiceRequest>
  <data>
    <Report>
      <tags><set><Tag><id>99509</id></Tag><Tag><id>99510</id></Tag></set></tags>
    </Report>
  </data>
</ServiceRequest>
Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse>
  <count>1</count>
  <data>
    <Report><id>1304</id></Report>
  </data>
  <responseCode>SUCCESS</responseCode>
</ServiceResponse>
Delete one or more existing reports
Delete a report which is in the user's scope.
URL: https://qualysapi.qualys.com/qps/rest/3.0/delete/was/report/<id> or https://qualysapi.qualys.com/qps/rest/3.0/delete/was/report/
Methods allowed: POST
Input: Allowed input elements are listed below. The associated data type for each element appears in parentheses. To delete one report by the report ID, the id element is required; the other elements listed below are used to delete reports based on filters. When mul
178. m/qps/xsd/3.0/was/optionprofile.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
</ServiceResponse>
Search option profiles
Returns a list of option profiles which are in the user's scope. Action logs are not included in the output.
URL: https://qualysapi.qualys.com/qps/rest/3.0/search/was/optionprofile
Methods allowed: POST
Input: Allowed input elements are listed below. The associated data type for each element appears in parentheses. These elements are optional and act as filters. When multiple elements are specified, parameters are combined using a logical AND.
id (Integer): Filter by option profile ID.
name (Text): Filter by option profile name.
tags: Filter by tags applied.
tags.id (Integer): Filter by tag ID applied.
tags.name (Text): Filter by tag name applied.
createdDate (Date): Filter by created date (UTC date/time format).
updatedDate (Date): Filter by last updated date (UTC date/time format).
usedByWebApps (Boolean with operator EQUALS or NOT EQUALS): Filter profiles if used/not used by web applications.
usedBySchedules (Boolean with operator EQUALS or NOT EQUALS): Filter profiles if used/not used by scan schedules.
owner.id (Long with operator EQUALS, IN, NOT EQUAL
179. me></profile>
proxy.id (Integer): The proxy for scanning the target web application. Example:
<proxy><id>12345</id></proxy>
options: The cancelAfterNHours element defines a number of hours after which a running scan will be canceled.
<options><WasScanOption><name>Cancel After N Hours</name><value><![CDATA[1]]></value></WasScanOption></options>
The cancelTime element defines a specific time at which a running scan will be canceled. Example:
<cancelTime>11:15</cancelTime>
Scanner Appliance: The IP address of the external scanner appliance, when an external scanner is used.
mode (Keyword): The mode of the scan: ONDEMAND, SCHEDULED or API.
launchedDate (Date): The date and time when the scan was launched, in UTC date/time format (YYYY-MM-DDTHH:MM:SSZ).
launchedBy: The user who launched the scan. User properties include user ID, user login, first and last name. Example:
<launchedBy><id>123056</id><username>username</username><firstName><![CDATA[John]]></firstName><lastName><![CDATA[Smith]]></lastName></launchedBy>
status (Keyword): The status of the scan: SUBMITTED, RUNNING, FINISHED, ERROR or CANCELED.
endScanDate (Date): The date and time when the scan ended, in UTC date/time format (YYYY-MM-DDTHH:MM:SSZ).
180. ments: id (Integer), type (Keyword: VULNERABILITY or DISCOVERY), name (Text), active (Boolean), webApp.id (Integer), invalid (Boolean), webApp.name (Text), createdDate (Date), owner.id (Integer), updatedDate (Date)
Permissions: User must have the WAS application enabled. User must have API Access permission. User must have Delete WAS Schedule permission. Scan target must be within the user's scope.
Examples
Example 1: Delete single schedule (POST)
Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X POST "https://qualysapi.qualys.com/qps/rest/3.0/delete/was/wasscanschedule/1846"
Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WasScanSchedule><id>1846</id></WasScanSchedule>
  </data>
</ServiceResponse>
Example 2: Delete schedules matching criteria (POST)
Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X POST --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/delete/was/
181. n Report, Web Application Scan Report (WAS v3 Scan Results)
Vulnerability and Sensitive Content findings:
WasScan > vulns > list > WasScanVuln > instances > list > WasScanVulnInstance > payloads > list > WasScanVulnPayload > result
WasScan > sensitiveContents > list > WasScanSensitiveContent > instances > list > WasScanSensitiveContentInstance > payloads > list > WasScanSensitiveContentPayload > result
Sample WAS v3 Scan Results XML:
<WasScanVuln>
  <qid>150001</qid>
  <title><![CDATA[Reflected Cross-Site Scripting (XSS) Vulnerabilities]]></title>
  <uri><![CDATA[http://myuri.apps.com/613460625329/feed.gtl?uid=22%3E%3Cqss%20a%3DX157105156Y12%3E]]></uri>
  <param>uid</param>
  <instances>
    <count>1</count>
    <list>
      <WasScanVulnInstance>
        <authenticated>false</authenticated>
        <payloads>
          <count>4</count>
          <list>
            <WasScanVulnPayload>
              <payload><![CDATA[uid=500%3Cscript%3E_q%3Drandom(X157105156Y12)%3C%2Fscript%3E]]></payload>
              <result base64="true"><![CDATA[C19mZWVkKCgKCgpbCil]]></result>
            </WasScanVulnPayload>
            <WasScanVulnPayload>
              <payload><![CDATA[uid=22%3E%3Cqss%20a%3DX157105156Y12%3E]]></payload>
              <result base64="true"><![
182. Example 2: Search criteria (POST)
Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X POST --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/search/was/report" < file.xml
Note: "file.xml" contains the request POST data.
Request POST Data:
<ServiceRequest>
  <filters>
    <Criteria field="tags.id" operator="EQUALS">99511</Criteria>
  </filters>
</ServiceRequest>
Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse>
  <count>1</count>
  <data>
    <list>
      <Report>
        <id>1302</id>
        <name><![CDATA[Web Application Report 2]]></name>
        <type>WAS_WEBAPP_REPORT</type>
        <format>PDF_ENCRYPTED</format>
        <status>COMPLETE</status>
        <size>2244667</size>
        <creationDate>2011-11-24T00:00:00Z</creationDate>
        <tags><count>1</count></tags>
        <distributionList><count>12</count></distributionList>
        <owner>
          <id>123056</id>
          <username>username</username>
          <firstName><![CDATA[John]]></firstName>
          <lastName><![CDATA[Smith]]></lastN
183. n.date (Date), tags (Integer), lastScan.authStatus (Keyword: NOT_USED, SUCCESSFUL, FAILED or PARTIAL), tags.id (Integer), isUsed (Boolean), tags.name (Text), contents (Keyword: FORM_STANDARD, FORM_CUSTOM, FORM_SELENIUM, SERVER_BASIC, SERVER_DIGEST), createdDate (Date)
Allowed Operators: Integer: EQUALS, NOT EQUALS, GREATER, LESSER, IN. Text: CONTAINS, EQUALS, NOT EQUALS. Date: EQUALS, NOT EQUALS, GREATER, LESSER. Keyword: EQUALS, NOT EQUALS, IN. Boolean (true/false): EQUALS, NOT EQUALS.
Permissions: User must have the WAS application enabled. User must have API Access permission. Output includes authentication records within the user's scope.
Examples
Example: Search (no criteria) (POST)
Return a list of all authentication records in the user's scope.
Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X POST "https://qualysapi.qualys.com/qps/rest/3.0/search/was/webappauthrecord"
Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webappauthrecord.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>3</count>
  <hasMoreRecords>false</hasMoreRecords>
  <data>
    <We
184. nabled.
User must have API Access permission.
Count includes web applications within the user's scope.

Examples

Example 1: Count (no criteria) GET
Get the number of web applications in the user's account.

Request:
curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/count/was/webapp"

Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>227</count>
</ServiceResponse>

Example 2: Count (criteria) POST
Get the number of web applications in the user's account, including those with an ID that is equal to the integer 323126 or 323816.

Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/count/was/webapp" < file.xml

Note: "file.xml" contains the request POST data.

Request POST Data:
<ServiceRequest>
  <filters>
    <Criteria field="id" operator="IN">323126,323816</Criteria>
  </filters>
</ServiceRequest>

Response:
<?xml version="1.0" encoding="UTF-8"?>
<Se
185. name</username>
      <firstName><![CDATA[John]]></firstName>
      <lastName><![CDATA[Smith]]></lastName>
    </createdBy>
    <updatedDate>2014-08-12T18:00:00Z</updatedDate>
    <updatedBy>
      <id>123056</id>
      <username>username</username>
      <firstName><![CDATA[John]]></firstName>
      <lastName><![CDATA[Smith]]></lastName>
    </updatedBy>
    <notification>
      <active>false</active>
      <reschedule>true</reschedule>
      <delay>
        <nb>1</nb>
        <scale>DAY</scale>
      </delay>
      <message><![CDATA[A QualysGuard scan is scheduled to start soon]]></message>
    </notification>
  </WasScanSchedule>
</data>
</ServiceResponse>

Create a schedule
Create a scheduled scan on a web application which is in the user's scope.

URL: https://qualysapi.qualys.com/qps/rest/3.0/create/was/wasscanschedule
Methods allowed: POST

Input:
Required input elements are listed below. The associated data type for each element appears in parentheses, unless a compound element. See Reference: WasScanSchedule for descriptions of these <WasScanSchedule> elements.

Required Elements / Optional Elements:
name (Text)
scannerAppliance
webApp
186. nce" xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WasScanSchedule>
      <id>203285669</id>
      <name><![CDATA[Create Schedule from API3 using Reschedule]]></name>
      <owner>
        <id>8792415669</id>
        <username>quays_cp</username>
        <firstName><![CDATA[Customer_2 6_1]]></firstName>
        <lastName><![CDATA[pocm]]></lastName>
      </owner>
      <active>false</active>
      <type>VULNERABILITY</type>
      <target>
        <webApp>
          <id>1296335669</id>
          <name><![CDATA[My Web Application]]></name>
          <url><![CDATA[http://10.10.26.238]]></url>
        </webApp>
        <webAppAuthRecord>
          <id>175535669</id>
          <name><![CDATA[AR1]]></name>
        </webAppAuthRecord>
        <scannerAppliance>
          <type>EXTERNAL</type>
        </scannerAppliance>
      </target>
      <profile>
        <id>712265669</id>
        <name><![CDATA[Initial WAS Options]]></name>
      </profile>
      <scheduling>
        <startDate>2014-09-06T09:50:00Z</startDate>
        <timeZone>
          <code>America/Vancouver</
187. ned to the web application. Prior to WAS 3.1, authentication records and their settings were defined here using the Web Application API. Now you can manage authentication records using the Authentication API.

Elements Assigned by the Service:
id (Integer): The web application ID.
owner (Text): The user login ID of the web application owner.
isScheduled (Boolean): Is a scan scheduled for the web application: true or false.
createdBy (Text): The user who created the web application.
createdDate (Date): The date when the web application was created, in UTC date/time format (2011-11-07T10:58:17Z).
updatedBy (Text): The user who last updated the web application.
updatedDate (Date): The date of the last update of the web application, in UTC date/time format (YYYY-MM-DDTHH:MM:SSZ).
lastScan (Text): The scan ID of the last scan run on the web application.
lastScan.status (Keyword): The status of the most recent scan: SUBMITTED, RUNNING, FINISHED, ERROR or CANCELLED.

CHAPTER: Authentication API
Some web applications require authenticated access to most of their functionality. You can configure authentication by creating authentication records. Each record can be defined with multiple types: form authentication (like login pages) and server authentication (HTTP Basic, Digest, NTLM, SSL client certificates). The WAS Authentication API provides
188. nless the target has a default option profile.

Permissions:
User must have the WAS application enabled.
User must have API Access permission.
User must have Launch WAS Scan permission.
Scan target must be within the user's scope.

Examples

Example 1: Launch a new scan (basic elements) POST
Launch a new discovery scan on the web application ID 323126 using the option profile ID 1021, and cancel the scan after 5 hours.

Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/launch/was/wasscan" < file.xml

Note: "file.xml" contains the request POST data.

Request POST Data:
<ServiceRequest>
  <data>
    <WasScan>
      <name>New WAS Discovery Scan launched from API</name>
      <type>DISCOVERY</type>
      <target>
        <webApp>
          <id>323126</id>
        </webApp>
        <scannerAppliance>
          <type>EXTERNAL</type>
        </scannerAppliance>
      </target>
      <profile>
        <id>1021</id>
      </profile>
      <options>
        <WasScanOption>
          <name>Cancel After N Hours</name>
          <value><![CDATA[5]]></value>
        </WasScanOption>
      </options>
    </WasScan>
  </data>
</ServiceRequest>
189. nt.
User must have API Access permission.
Web application must be within the user's scope.

Example: View details GET

Request:
curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/get/was/finding/1137289"

Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <Finding>
      <id>1137289</id>
      <qid>150013</qid>
      <name><![CDATA[Browser Specific Cross-Site Scripting Vulnerabilities]]></name>
      <type>VULNERABILITY</type>
      <group>XSS</group>
      <cwe>
        <count>1</count>
        <list>
          <long>79</long>
        </list>
      </cwe>
      <owasp>
        <count>1</count>
        <list>
          <OWASP>
            <name><![CDATA[Cross-Site Scripting (XSS)]]></name>
            <url><![CDATA[https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)]]></url>
            <code>3</code>
          </OWASP>
        </list>
      </owasp>
      <wasc>
        <count>1</count>
        <list>
          <WASC>
            <name><
190. nteger)
lastDetectedDate (Date)
webapps.name (Text)
lastTestedDate (Date)
severity (Integer)
timesDetected (Integer)
ignoredDate (Date)

Permissions:
The WAS application must be enabled in the user's account.
User must have API Access permission.
Web application must be within the user's scope.
User must have Ignore Vulnerabilities permission.

Examples

Ignore specific finding POST

Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/ignore/was/finding/1645195669"

Request POST Data:
<ServiceRequest>
  <data>
    <Finding>
      <id>1645195669</id>
      <ignoredReason>FALSE_POSITIVE</ignoredReason>
      <ignoredComment>test</ignoredComment>
    </Finding>
  </data>
</ServiceRequest>

Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <Finding>
      <id>1645195669</id>
    </Finding>
  </data>
</ServiceResponse>
191.         <offset>-07:00</offset>
        <occurrenceType>ONCE</occurrenceType>
      </scheduling>
      <createdDate>2014-08-19T19:30:49Z</createdDate>
      <updatedDate>2014-08-19T19:30:50Z</updatedDate>
    </WasScanSchedule>
  </data>
</ServiceResponse>

Example 2: List launched schedules (criteria) GET

Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/search/was/wasscanschedule" < file.xml

Note: "file.xml" contains the request POST data.

Request POST Data:
<ServiceRequest>
  <filters>
    <Criteria field="lastScan.status" operator="IN">FINISHED,ERROR</Criteria>
    <Criteria field="lastScan.launchedDate" operator="LESSER">2014-08-19</Criteria>
  </filters>
</ServiceRequest>

Response:
    </WasScanSchedule>
    <WasScanSchedule>
      <id>97354000</id>
      <name><![CDATA[Schedule Notification]]></name>
      <owner>
        <id>334527</id>
      </owner>
      <active>false</active>
      <type>VULNERABILITY</type>
      <target>
        <webApp>
          <id>1061764000</id>
          <name><![CDATA[My Web App]]></name>
          <url><![CDATA[http://10.10.26.238
192. ofile
Delete an option profile that is in the user's scope. Upon success, the output is a list of IDs for the option profiles that were deleted.

URL: https://qualysapi.qualys.com/qps/rest/3.0/delete/was/optionprofile/<id>
or https://qualysapi.qualys.com/qps/rest/3.0/delete/was/optionprofile
Methods allowed: POST

Input:
Optional elements are used to retrieve option profiles to delete. When multiple elements are specified, parameters are combined using a logical AND. All dates must be entered in UTC date/time format.
name (Text)
updatedDate (Date)
owner (Text)
usedByWebApps (Boolean)
tags
usedBySchedules (Boolean)
createdDate (Date)

Permissions:
User must have the WAS application enabled.
User must have API Access permission.
User must have the Delete Option Profile permission.

Examples

Example 1: Delete specific option profile POST

Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/delete/was/optionprofile/834275669"

Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
  <responseCode>SUCCESS</r
193. on="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WasScanSchedule>
      <id>171425669</id>
    </WasScanSchedule>
  </data>
</ServiceResponse>

Activate an existing schedule
Activate one or more scheduled scans on web applications which are in the user's scope.

URL: https://qualysapi.qualys.com/qps/rest/3.0/update/was/wasscanschedule/<id>
or https://qualysapi.qualys.com/qps/rest/3.0/activate/was/wasscanschedule/<filters>
Methods allowed: POST

Input:
The id (Integer) element is required to activate a specific schedule, where id identifies a schedule. Filters are required to activate schedules based on criteria. When multiple elements are specified, parameters are combined using a logical AND. All dates must be entered in UTC date/time format. See Reference: WasScanSchedule for descriptions of these <WasScanSchedule> elements.
id (Integer)
type (Keyword: VULNERABILITY or DISCOVERY)
name (Text)
active (Boolean)
webApp.id (Integer)
invalid (Boolean)
webApp.name (Text)
created D
194. on for complex authentication schemes or to impersonate a web browser.
Example:
<headers>
  <set>
    <WebAppHeader>X-TTP-REQUESTED-BY: Qualys Test1</WebAppHeader>
    <WebAppHeader>X-TTP-REQUESTED-BY: Qualys Test2</WebAppHeader>
  </set>
</headers>

urlBlacklist: The URLs for the black list. These are web application links (URLs) that you do not want scanned. For each URL specify UrlEntry (Text). If the attribute regex (Boolean) is set to true, the service performs a regular expression match.
Example:
<urlBlacklist>
  <set>
    <UrlEntry><![CDATA[http://url.blacklist.1.xxx.com]]></UrlEntry>
    <UrlEntry regex="false"><![CDATA[http://url.blacklist.2.xxx.com]]></UrlEntry>
    <UrlEntry regex="true"><![CDATA[http://rg.blacklist.xxx.com]]></UrlEntry>
  </set>
</urlBlacklist>

urlWhitelist: The URLs for the white list. These are web application links (URLs) that you want to be scanned. For each URL specify UrlEntry (Text). If the attribute regex (Boolean) is set to true, the service performs a regular expression match.
Example:
<urlWhitelist>
  <set>
    <UrlEntry><![CDATA[http://url.whitelist.1.xxx.com]]></UrlEntry>
    <UrlEntry regex="false"
195. ontent-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/delete/was/wasscan" < file.xml

Note: "file.xml" contains the request POST data.

Request POST Data:
<ServiceRequest>
  <filters>
    <Criteria field="name" operator="CONTAINS">VULN</Criteria>
  </filters>
</ServiceRequest>

Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>2</count>
  <data>
    <WasScan>
      <id>12874</id>
    </WasScan>
    <WasScan>
      <id>13093</id>
    </WasScan>
  </data>
</ServiceResponse>

Reference: WasScan
The <WasScan> element includes sub-elements used to define a web application scan. A reference of these elements is provided below. An asterisk indicates a complex element.

Element (data type), Description
id (Integer): The scan ID. This element is assigned by the service and is required for a certain type of request: details, status, results or cancel.
name (T
196. ot enabled for the scan, the consolidated finding is assigned a finding ID.

New elements in XML scan report
New elements appear in the XML scan report when Progressive Scanning is enabled for the subscription, as follows.

The new DETECTION_ID element (optional), containing the web application finding ID, appears following these elements. If the finding ID is unavailable, the element is not included.
RESULTS/VULNERABILITY_LIST/VULNERABILITY/DETECTION_ID
RESULTS/SENSITIVE_CONTENT_LIST/SENSITIVE_CONTENT/DETECTION_ID
RESULTS/INFORMATION_GATHERED_LIST/INFORMATION_GATHERED/DETECTION_ID

The new PROGRESSIVE_SCANNING element is included in the Appendix. This is set to true if the scan used Progressive Scanning, or false.

Sample XML scan report:
<RESULTS>
  <VULNERABILITY_LIST>
    <VULNERABILITY>
      <ID>76681</ID>
      <DETECTION_ID>7098</DETECTION_ID>
      <QID>150004</QID>
      <URL><![CDATA[https://10.10.26.238/boq/protected/mime/defaultPage.pdf?test1]]></URL>
      <AUTHENTICATION>Not Required</AUTHENTICATION>
      <STATUS>NEW</STATUS>
      <FIRST_TIME_DETECTED>2014-10-07T18:09:52Z</FIRST_TIME_DETECTED>
      <LAST_TIME_DETECTED>2014-10-07T18:09:52Z</LAST_TIME_DETECTED>
      <LAST_TIME_TESTED>2014-10-07T
197. <owner>
    <id>45941</id>
    <username>username</username>
    <firstName><![CDATA[John]]></firstName>
    <lastName><![CDATA[Smith]]></lastName>
  </owner>
  <formRecord>
    <type>STANDARD</type>
    <sslOnly>true</sslOnly>
    <fields>
      <count>2</count>
      <list>
        <WebAppAuthFormRecordField>
          <id>835050</id>
          <name><![CDATA[username]]></name>
          <value><![CDATA[Login]]></value>
        </WebAppAuthFormRecordField>
        <WebAppAuthFormRecordField>
          <id>835051</id>
          <name><![CDATA[password]]></name>
          <value><![CDATA[]]></value>
        </WebAppAuthFormRecordField>
      </list>
    </fields>
  </formRecord>
  <tags>
    <count>1</count>
    <list>
      <Tag>
        <id>152743</id>
        <name><![CDATA[Asset Groups]]></name>
      </Tag>
    </list>
  </tags>
  <comments>
    <count>1</count>
    <list>
      <Comment>
        <contents><![CDATA[some comments]]></contents>
        <createdDate>2013-10-18T18:18:01Z</createdDate>
      </Comment>
    </list>
  </comments>
  <createdDate>2013-10-18T18:18:01Z</createdDate>
198. password (Text): The password for a PDF-encrypted report.

Element (data type), Description
distributionList: This element specifies the email addresses for distribution of the report.
Example:
<distributionList>
  <count>2</count>
  <list>
    <EmailAddress><![CDATA[1@abc.com]]></EmailAddress>
    <EmailAddress><![CDATA[2@abc.com]]></EmailAddress>
  </list>
</distributionList>

config: The configuration options for report creation.
Example:
<config>
  <webAppReport>
    <target>
      <tags>
        <Tag>
          <id>102609</id>
        </Tag>
      </tags>
      <webapps>
        <WebApp>
          <id>324538</id>
        </WebApp>
      </webapps>
    </target>

status (Keyword): The status of the report: RUNNING, ERROR or COMPLETE.
creationDate (Date): The date when the report was created, in UTC date/time format (YYYY-MM-DDTHH:MM:SSZ).
lastDownloadDate (Date): The date when the report was last downloaded, in UTC date/time format (YYYY-MM-DDTHH:MM:SSZ).
downloadCount (Integer): The number of times the report has been downloaded.

CHAPTER: Report Creation API
The WAS Report Creation API allows you to
199. ple.com]]></url>
  <owner>
    <id>45941</id>
    <username>username</username>
    <firstName><![CDATA[John]]></firstName>
    <lastName><![CDATA[Smith]]></lastName>
  </owner>
  <scope>DOMAINS</scope>
  <domains>
    <count>2</count>
    <list>
      <Domain><![CDATA[corp1.myapp.com]]></Domain>
      <Domain><![CDATA[corp2.ab.myapp.com]]></Domain>
    </list>
  </domains>
  <uris>
    <count>26</count>
    <list>
      <Url><![CDATA[https://corp2.ab.myapp.com]]></Url>
      <Url><![CDATA[http://corp1.myapp.com/otherUri?param=1]]></Url>
      <Url><![CDATA[http://corp2.ab.myapp.com:8080]]></Url>
      <Url><![CDATA[http://corp1.myapp.com/otherUri]]></Url>
      <Url><![CDATA[http://corp1.myapp.com]]></Url>
      <Url><![CDATA[https://corp1.myapp.com]]></Url>
      tp://corp1.myapp.com/startingUri]]></Url>
      CDATA[https://corp2.ab.myapp.com:443]]></Url>
      tps://corp2.ab.myapp.com/otherUri?param=1]]></Url>
      CDATA[https://corp1.myapp.com:443]]></Url>
      tp://corp2.a
200. plication must be enabled in the user's account.
User must have API Access permission.
Web application must be within the user's scope.
User must have Ignore Vulnerabilities permission.

Examples

Example 1: Activate all ignored findings POST

Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/activate/was/finding"

Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>3</count>
  <data>
    <Finding>
      <id>1613225669</id>
    </Finding>
    <Finding>
      <id>1613255669</id>
    </Finding>
    <Finding>
      <id>1645195669</id>
    </Finding>
  </data>
</ServiceResponse>

Example 2: Activate specific finding POST

Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/activate/was/finding/1613255669"

Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xs
201. plications that have a name containing the string "Merchant". The service request in the POST data file (file.xml) defines this search criteria.

curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/search/was/webapp" < file.xml

Note: "file.xml" contains the request POST data.

Request POST Data for Request 1:
<ServiceRequest>
  <preferences>
    <limitResults>5</limitResults>
  </preferences>
  <filters>
    <Criteria field="name" operator="CONTAINS">Merchant</Criteria>
  </filters>
</ServiceRequest>

Response:
The number of records is greater than the default pagination value, so the <ServiceResponse> element identifies the last ID of the object in the current page output.
<ServiceResponse>
  <responseCode>SUCCESS</responseCode>
  <count>5</count>
  <hasMoreRecords>true</hasMoreRecords>
  <lastId>123</lastId>
  <data>
    <!-- here you will find 5 web application records -->
  </data>
</ServiceResponse>

Request 2:
To get the next page of results, you need to edit your service request in fil
202. r an option profile
View details for an option profile which is in the user's scope. See Search option profiles to find a record ID to use as input.

URL: https://qualysapi.qualys.com/qps/rest/3.0/get/was/optionprofile/<id>
Methods allowed: GET

Input:
The element id (Integer) is required, where id identifies an option profile.

Permissions:
User must have the WAS application enabled.
User must have API Access permission.
Option profile must be within the user's scope.

Example: View details GET

Request:
curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/get/was/optionprofile/832265669"

Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <OptionProfile>
      <id>832265669</id>
      <name><![CDATA[My Option Profile]]></name>
      <owner>
        <id>8792415669</id>
        <username>acme_ww</username>
        <firstName><![CDATA[Walter]]></firstName>
        <lastName><![CDATA[White]]></lastName>
      </owner
203. r the external scanners. If type is INTERNAL, specify friendlyName (Text).
Example:
<defaultScanner>
  <type>INTERNAL</type>
  <friendlyName>dp_scanner</friendlyName>
</defaultScanner>

proxy.id (Integer): The default proxy for scanning the web application.
Example:
<proxy>
  <id>12345</id>
</proxy>

scannerLocked (Boolean): A flag indicating whether the default scanner appliance is locked for the web application.
Example:
<scannerLocked>false</scannerLocked>

Element (data type), Description
useRobots (Keyword): A flag indicating whether to observe the Robots.txt file and its directives, if found, when scanning the web application. If set to IGNORE (default), the Robots.txt file is ignored. If set to ADD_PATHS, the disallow and allow directives in the Robots.txt file will be observed; this means these directives will be added as link hints for the crawler. If set to BLACKLIST, the disallow directives in the Robots.txt file will be observed; this means scans will not crawl matching links.

useSitemap (Boolean): A flag indicating whether to adhere to a sitemap.xml file if present in the web application: true or false (default).

headers: The headers that need to be injected by the scanning engine to scan the web applicati
204. rrenceType>ONCE</occurrenceType>
        <cancelAfterNHours>7</cancelAfterNHours>
      </scheduling>
      <notification>
        <active>false</active>
      </notification>
      <nextLaunchDate>2015-09-30T20:11:00Z</nextLaunchDate>
      <launchedCount>0</launchedCount>
      <createdDate>2015-06-26T20:54:30Z</createdDate>
      <createdBy>
        <id>2086786</id>
        <username>ACME_tp16</username>
        <firstName><![CDATA[FIRSTNAME]]></firstName>
        <lastName><![CDATA[LASTNAME]]></lastName>
      </createdBy>
      <updatedDate>2015-06-26T20:54:30Z</updatedDate>
      <updatedBy>
        <id>2086786</id>
        <username>quays_tp16</username>
        <firstName><![CDATA[FIRSTNAME]]></firstName>
        <lastName><![CDATA[LASTNAME]]></lastName>
      </updatedBy>
    </WasScanSchedule>
  </data>
</ServiceResponse>

Update a schedule
Update a scheduled scan on a web application which is in the user's scope.

URL: https://qualysapi.qualys.com/qps/rest/3.0/update/was/wasscanschedule/<id>
Methods allowed: POST

Input:
The id (Integer) element and the data to be updated in the
205. rstName><![CDATA[John]]></firstName>
    <lastName><![CDATA[Smith]]></lastName>
  </owner>
  <formRecord>
    <type>STANDARD</type>
    <sslOnly>true</sslOnly>
    <fields>
      <count>2</count>
      <list>
        <WebAppAuthFormRecordField>
          <id>826453</id>
          <name><![CDATA[name1]]></name>
          <value><![CDATA[value]]></value>
        </WebAppAuthFormRecordField>
        <WebAppAuthFormRecordField>
          <id>826452</id>
          <name><![CDATA[name2]]></name>
          <value><![CDATA[value]]></value>
        </WebAppAuthFormRecordField>
      </list>
    </fields>
  </formRecord>
  <tags>
    <count>1</count>
    <list>
      <Tag>
        <id>1418973</id>
        <name><![CDATA[Cert Tag]]></name>
      </Tag>
    </list>
  </tags>
  <comments>
    <count>0</count>
  </comments>
  <createdDate>2013-09-23T20:21:04Z</createdDate>
  <createdBy>
    <id>4354</id>
    <username>username</username>
    <firstName><![CDATA[John]]></firstName>
    <lastName><![CDATA[Smith]]></lastName>
  </createdBy>
  <updatedDate>2013-10-22T05:48:57Z</updatedD
206. rviceRequest>

Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WasScan>
      <id>1275177</id>
    </WasScan>
  </data>
</ServiceResponse>

Retrieve the status of a scan
Retrieve the status of a scan on a web application which is in the user's scope.

URL: https://qualysapi.qualys.com/qps/rest/3.0/status/was/wasscan/<id>
Methods allowed: GET

Input:
The element id (Integer) is required, where id identifies a scan.

Permissions:
User must have the WAS application enabled.
User must have API Access permission.
Scan target must be within the user's scope.

Example: Get the status of the scan with the ID 164.

Request:
curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/status/was/wasscan/164"

Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
  <responseCode>SUC
207. rviceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>0</count>
</ServiceResponse>

Search web applications
Returns a list of web applications which are in the user's scope.

URL: https://qualysapi.qualys.com/qps/rest/3.0/search/was/webapp
Methods allowed: POST

Input:
Allowed input elements are listed below. The associated data type for each element appears in parentheses. These elements are optional and act as filters. When multiple elements are specified, parameters are combined using a logical AND. All dates must be entered in UTC date/time format. See Reference: WebApp for descriptions of all <WebApp> elements.
id (Integer)
createdDate (Date)
name (Text)
updatedDate (Date)
url (Text)
isScheduled (Boolean)
tags
isScanned (Boolean)
tags.name (Text)
lastScan.date (Date)
tags.id (Integer)
lastScan.status (Keyword: SUBMITTED, RUNNING, FINISHED, ERROR or CANCELLED)

Allowed Operators:
Integer: EQUALS, NOT EQUALS, GREATER, LESSER, IN
Text: CONTAINS, EQUALS, NOT EQUALS
Date: EQUALS, NOT EQUALS, GREATER, LESSER
Keyword: EQUALS, NOT EQUALS
Boolean:

Permissions:
208. ry regex="true"><![CDATA[http://rg.blacklist]]></UrlEntry>
      </list>
    </urlBlacklist>
    <urlWhitelist>
      <count>4</count>
      <list>
        <UrlEntry regex="true"><![CDATA[http://rg.whitelist.ab.myapp.com]]></UrlEntry>
        <UrlEntry regex="true"><![CDATA[http://rg.whitelist]]></UrlEntry>
        <UrlEntry regex="false"><![CDATA[http://url.whitelist.2.ab.myapp.com]]></UrlEntry>
        <UrlEntry regex="false"><![CDATA[http://url.whitelist.3.ab.myapp.com]]></UrlEntry>
      </list>
    </urlWhitelist>
    <postDataBlacklist>
      <count>2</count>
      <list>
        <UrlEntry regex="true"><![CDATA[http://rg.postdatblacklist.ab.myapp.com]]></UrlEntry>
        <UrlEntry regex="true"><![CDATA[http://rg.postdatblacklist]]></UrlEntry>
      </list>
    </postDataBlacklist>
    <authRecords>
      <count>0</count>
    </authRecords>
    <useRobots>BLACKLIST</useRobots>
    <useSitemap>true</useSitemap>
    <headers>
      <count>1</count>
      <list>
        <WebAppHeader><![CDATA[some headers]]></WebAppHeader>
      </list>
    </headers>
    <malwareMonitoring>false</malwareMonitoring>
    <tags>
      <
209. s must be set: name, isDefault, owner, tags, formSubmission, maxCrawlRequests, userAgent, parameterSet, ignoreBinaryFiles, performance, bruteforceOption, bruteforceList, numberOfAttempts, detection, sensitiveContent, comments.

Permissions:
User must have the WAS application enabled.
User must have API Access permission.
User must have the Update Option Profile permission.

Example

Example 1: Update minimum criteria POST
Change the option profile name to "Update Option Profile title" for option profile ID 832265669.

Request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/update/was/optionprofile/832265669" < file.xml

Note: "file.xml" contains the request POST data.

Request POST Data:
<ServiceRequest>
  <data>
    <OptionProfile>
      <name><![CDATA[Update Option Profile title]]></name>
    </OptionProfile>
  </data>
</ServiceRequest>

Response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <Opt
210. sScanOption gt lt WasScanOption gt lt name gt Maximum Crawling Links lt name gt lt value gt 300 lt value gt lt WasScanOption gt lt WasScanOption gt lt name gt Bruteforce Settings lt name gt lt value gt MINIMAL lt value gt lt WasScanOption gt lt WasScanOption gt Qualys Web Application Scanning API 111 Chapter 4 Scan API Retrieve the results of a scan lt name gt Option Profile Name lt name gt lt value gt Initial WAS Options lt value gt lt WasScanOption gt lt WasScanOption gt lt name gt Scanner Appliance Name lt name gt lt value gt lt CDATA External IP 10 40 3 104 Scanner 6 2 13 1 WAS 2 13 5 1 Signatures 2 2 52 2 gt lt value gt lt WasScanOption gt lt WasScanOption gt lt name gt Ignore Binary Files lt name gt lt VALUE gt lt CDATA true gt lt VALUI lt WasScanOption gt al v lt list gt lt options gt lt launchedDate gt 2012 02 06T21 31 00Z lt launchedDate gt lt launchedBy gt lt id gt 35842 lt id gt lt username gt username lt username gt lt firstName gt lt CDATA John gt lt firstName gt lt lastName gt lt CDATA Smith gt lt lastName gt lt launchedBy gt lt status gt FINISHED lt status gt lt endScanDate gt 2012 02 06T21 49 342 lt endScanDate gt lt scanDuration gt 1114 lt scanDuration gt lt summary gt lt crawlDuration gt 16 lt crawlDuration gt lt testDurat
211. scheduling gt lt cancelAfterNHours gt 8 lt cancelAfterNHours gt lt startDate gt 2014 09 06T09 50 112 lt startDate gt lt timeZone gt lt code gt America Vancouver lt code gt lt offset gt 07 00 lt offset gt lt timeZone gt lt occurrenceType gt WEEKLY lt occurrenceType gt lt occurrence gt lt weeklyOccurrence gt lt everyNWeeks gt 2 lt everyNWeeks gt lt occurrenceCount gt 20 lt occurrenceCount gt lt onDays gt lt WeekDay gt SATURDAY lt WeekDay gt lt WeekDay gt SUNDAY lt WeekDay gt lt onDays gt lt weeklyOccurrence gt lt occurrence gt lt scheduling gt lt notification gt lt active gt true lt active gt lt reschedule gt true lt reschedule gt Qualys Web Application Scanning API 141 Chapter 5 Schedule API Create a schedule lt delay gt lt nb gt 1 lt nb gt lt scale gt DAY lt scale gt lt delay gt lt message gt lt CDATA A QualysGuard scan is scheduled to start soon gt lt message gt lt notification gt lt target gt lt webApp gt lt id gt 1296335669 lt id gt lt webApp gt lt webAppAuthRecord gt lt id gt 175535669 lt id gt lt webAppAuthRecord gt lt target gt lt profile gt lt id gt 712265669 lt id gt lt profile gt lt WasScanSchedule gt lt data gt lt ServiceRequest gt Response lt xml version 1 0 encoding UTF 8 gt lt ServiceResponse xmlns xsi http www w3 org 2001 XMLSchema insta
212. sed with the schedule settings Example lt target gt lt webApp gt lt id gt 324265 lt id gt lt name gt lt CDATA Merchant Site gt lt name gt lt url gt lt CDATA http url gt lt url gt lt webApp gt lt scannerAppliance gt lt type gt INTERNAL lt type gt lt friendlyName gt lt CDATA name gt lt friendlyName gt lt scannerAppliance gt lt cancelOption gt SPECIFIC lt cancelOption gt lt target gt profile id Integer The name of the option profile that includes scan settings The service provides the profile Initial WAS Options and we recommend this for getting started Example lt profile gt lt name gt lt CDATA Initial WAS Options gt lt name gt lt profile gt proxy id Integer The proxy for scanning the target web application Example lt proxy gt lt id gt 12345 lt id gt lt proxy gt createdDate Date The schedule creation date and time in UTC date time format YYYY MM DDTHH MM SSSZ Qualys Web Application Scanning API Element data type Chapter 5 Schedule API Reference WasScanSchedule Description createdBy The user who created the schedule Example lt createdBy gt lt id gt 123056 lt id gt lt username gt username lt username gt lt firstName gt lt CDATA John gt lt firstName gt lt lastName gt lt CDATA Smith gt lt lastName gt lt createdBy gt updatedDate Date The
213. t lt WebAppReportContent gt RESULTS lt WebAppReportContent gt lt contents gt lt graphs gt lt WebAppReportGraph gt VULNERABILITIES_BY_GROUP lt WebAppReportGraph gt lt WebAppReportGraph gt VULNERABILITIES_BY_OWASP lt WebAppReportGraph gt lt graphs gt lt groups gt lt WebAppReportGroup gt GROUP lt WebAppReportGroup gt lt WebAppReportGroup gt OWASP lt WebAppReportGroup gt lt groups gt lt options gt lt rawLevels gt true lt rawLevels gt lt options gt lt display gt lt filters gt lt includedSearchLists gt lt SearchList gt lt id gt 378688 lt id gt lt SearchList gt lt includedSearchLists gt lt status gt lt WebAppFindingStatus gt N EW lt WebAppFindingStatus gt lt WebAppFindingStatus gt ACTIVE lt WebAppFindingStatus gt lt WebAppFindingStatus gt R lt status gt lt filters gt lt webAppReport gt lt config gt lt Report gt lt data gt lt ServiceRequest gt 196 EOPENED lt WebAppFindingStatus gt Qualys Web Application Scanning API Chapter 7 Report Creation API Web Application Report Response lt xml version 1 0 encoding UTF 8 gt lt ServiceResponse xmlns xsi http www w3 org 2001 XMLSchema instance xsi noNamespaceSchemaLocation https qualysapi qualys com qps xs d 3 0 was report xsd gt lt responseCode gt SUCCESS lt responseCode gt lt count gt 1 lt count gt
214. t lt sensitiveContents gt lt count gt 0 lt count gt lt sensitiveContents gt lt igs gt lt count gt 10 lt count gt lt list gt lt WasScanlg gt lt qid gt 150058 lt qid gt lt title gt lt CDATA Flash Analysis gt lt title gt lt data base64 true gt lt CDATA [base64 payload omitted] gt lt data gt lt WasScanlg gt lt list gt lt igs gt lt WasScan gt Cancel an unfinished scan Cancel an unfinished scan on a web application which is in the user s scope Note that scan results will not be returned URL https qualysapi qualys com gps rest 3 0 cancel was wassc an lt id gt Methods allowed POST Input The element id Integer is required where id identifies a running scan Permissions User must have the WAS application enabled User must have API Access permission User must have Cancel WAS Scan permission Example Cancel the unfinished scan that has the ID 168 Request curl u USERNAME PASSWORD H content type text xml X POST
215. t lt Criteria field name operator CONTAINS gt server lt Criteria gt lt filters gt lt ServiceRequest gt Response lt xml version 1 0 encoding UTF 8 gt lt ServiceResponse xmlns xsi http www w3 org 2001 XMLSchema instance xsi noNamespaceSchemaLocation https qualysapi qualys com qps xs d 3 0 was webappauthrecord xsd gt lt responseCode gt SUCCESS lt responseCode gt lt count gt 2 lt count gt Qualys Web Application Scanning API Chapter 3 Authentication API Delete authentication records lt data gt lt WebAppAuthRecord gt lt id gt 12874 lt id gt lt WebAppAuthRecord gt lt WebAppAuthRecord gt lt id gt 13093 lt id gt lt WebAppAuthRecord gt lt data gt lt ServiceResponse gt Qualys Web Application Scanning API 87 Chapter 3 Authentication API Delete authentication records 88 Qualys Web Application Scanning API CHAPTER Scan API The WAS Scan API provides a suite of API functions for managing web application scans These operations are available Current scan count Search scans Get scan details Launch a new scan Retrieve the status of a scan Retrieve the results of a scan Cancel an unfinished scan Delete an existing scan Looking for something else Reference WasScan Reference WAS Scan Results legacy Chapter 4 Scan API Current scan count Current scan count Returns the total number of scans in the user s account Input
216. t lt WasScanVulnInstance gt lt authenticated gt false lt authenticated gt lt payloads gt lt count gt 1 lt count gt lt list gt lt WasScanVulnPayload gt lt payload gt lt CDATA gt lt qss 20a REQUESTID gt gt lt payload gt lt result base64 true gt lt CDATA [base64 payload omitted] gt lt result gt lt WasScanVulnPayload gt lt list gt lt payloads gt lt WasScanVulnInstance gt lt list gt lt instances gt lt WasScanVuln gt lt list gt lt vulns g
217. t CDATA Demo Web App gt lt name gt lt url gt lt CDATA http 10 10 26 200 80 phpBB 1 4 4_ basic gt lt url gt lt owner gt lt id gt 123071 lt id gt 26 Qualys Web Application Scanning API Chapter 2 Web Application API Search web applications lt owner gt lt tags gt lt count gt 0 lt count gt lt tags gt lt createdDate gt 2008 11 22T13 45 462 lt createdDate gt lt updatedDate gt 2011 12 16T14 33 382 lt updatedDate gt lt WebApp gt lt data gt lt ServiceResponse gt Example 2 Search criteria POST Return a list of web applications in the user s account that have a name containing the word Merchant and an ID greater than 323000 Request curl u USERNAME PASSWORD H content type text xml X POST data binary https qualysapi qualys com qps rest 3 0 search was webapp lt file xml Note file xml contains the request POST data Request POST Data lt ServiceRequest gt lt filters gt lt Criteria field name operator CONTAINS gt Merchant lt Criteria gt lt Criteria field id operator GREATER gt 323000 lt Criteria gt lt filters gt lt ServiceRequest gt Response lt xml version 1 0 encoding UTF 8 gt lt ServiceResponse xmlns xsi http www w3 org 2001 XMLSchema instance xsi noNamespaceSchemaLocation https qualysapi qualys com qps xs d 3 0 was webapp xsd gt l
218. t id gt lt username gt username lt username gt lt firstName gt lt CDATA John gt lt firstName gt lt lastName gt lt CDATA Smith gt lt lastName gt T ES Qualys Web Application Scanning API Chapter 4 Scan API Search scans lt launchedBy gt lt status gt RUNNING lt status gt lt WasScan gt lt data gt lt ServiceResponse gt Example 2 List scans successful authentication POST Return a list of scans in the user s account that successfully authenticated to the target web application Request curl u USERNAME PASSWORD H content type text xml X POST data binary https qualysapi qualys com qps rest 3 0 search was wasscan lt file xml Note file xml contains the request POST data Request POST Data lt ServiceRequest gt lt filters gt lt Criteria field authStatus operator EQUALS gt SUCCESSFUL lt Criteria gt lt filters gt lt ServiceRequest gt Response lt xml version 1 0 encoding UTF 8 gt lt ServiceResponse xmlns xsi http www w3 org 2001 XMLSchema instance xsi noNamespaceSchemaLocation https qualysapi qualys com qps xs d 3 0 was wasscan xsd gt lt responseCode gt SUCCESS lt responseCode gt lt count gt 2 lt count gt lt hasMoreRecords gt false lt hasMoreRecords gt lt data gt lt WasScan gt lt id gt 13096 lt id gt lt name gt lt CDATA
219. t lt CDATA My Web App gt lt name gt lt url gt lt CDATA http mywebapp com gt lt url gt lt config gt lt cancelScansAt gt 22 00 lt cancelScansAt gt lt config gt lt WebApp gt lt data gt lt ServiceRequest gt Response lt xml version 1 0 encoding UTF 8 gt lt ServiceResponse xmlns xsi http www w3 org 2001 XMLSchema instance xsi noNamespaceSchemaLocation https qualysapi qualys qualys com gps xsd 3 0 was webapp xsd gt lt responseCode gt SUCCESS lt responseCode gt lt count gt 1 lt count gt lt data gt lt WebApp gt lt id gt 2392272 lt id gt lt WebApp gt lt data gt lt ServiceResponse gt 52 Qualys Web Application Scanning API Chapter 2 Web Application API Delete web applications Delete web applications Delete a web application configuration in your account URL https qualysapi qualys com gps rest 3 0 delete was webapp lt id gt https qualysapi qualys com gps rest 3 0 delete was webapp lt filters gt Methods allowed POST Input The id Integer element is required where id identifies a web application Additional elements are optional See Reference WebApp for descriptions of all lt WebApp gt elements id Integer createdDate Date name Text updatedDate Date url Text isScheduled Boolean tags name Text isScanned Boolean tags id Integer lastScan status Keyword SU
220. t lt CDATA Walter gt lt firstName gt lt lastName gt lt CDATA White gt lt lastName gt lt createdBy gt lt updatedDate gt 2014 09 08T23 18 282 lt updatedDate gt lt updatedBy gt lt id gt 8792415669 lt id gt lt username gt acme_ww lt username gt lt firstName gt lt CDATA Walter gt lt firstName gt lt lastName gt lt CDATA White gt lt lastName gt lt updatedBy gt lt OptionProfile gt lt data gt lt ServiceResponse gt 222 Qualys Web Application Scanning API Chapter 8 Option Profile API Create a new option profile Create a new option profile Create a new option profile URL https qualysapi qualys com gps rest 3 0 create was optionpr ofile Methods allowed POST Input Required elements are name and OptionProfile Additional elements are optional see examples below Permissions User must have the WAS application enabled User must have API Access permission User must have Create Option Profile permission Example Example 1 Create minimum criteria POST Create a new option profile with the name My Option Profile with defaults The default option profile settings are assigned automatically Request curl u USERNAME PASSWORD H content type text xml X POST data binary https qualysapi qualys com gps rest 3 0 create was optionprofil e lt file xml Note file xml conta
221. t Please check with your account manager to enable this option lt errorResolution gt lt responseErrorDetails gt lt ServiceResponse gt Qualys Web Application Scanning API 267 Chapter 10 Progressive Scanning Schedule API GET schedule The progressiveScanning element will be included in the call response if Progressive Scanning is enabled for the subscription API request curl u USERNAME PASSWORD https qualysapi qualys com qps rest 3 0 get was wasscanschedule 8183 XML output lt xml version 1 0 encoding UTF 8 gt lt ServiceRespons xmlns xsi http www w3 org 2001 XMLSchema instance xsi noNamespaceSchemaLocation https qualysapi qualys com qps xs d 3 0 was wasscanschedule xsd gt lt responseCode gt SUCCESS lt responseCode gt lt count gt 1 lt count gt lt data gt lt WasScanSchedule gt lt id gt 8183 lt id gt lt name gt lt CDATA WASUI 3772 3 gt lt name gt lt progressiveScanning gt ENABLED lt progressiveScanning gt 268 Qualys Web Application Scanning API Chapter 10 Progressive Scanning Scan Report Scan Report We ve made enhancements to scan results data when Progressive Scanning is enabled for the subscription When a vulnerability scan is processed all scan findings will be associated with the consolidated finding for the web application This occurs for every vulnerability scan even if Progressive Scanning is n
222. t Schedule lt Criteria gt lt Criteria field type operator EQUALS gt VULNERABILITY lt Criteria lt Criteria field webApp name operator CONTAINS gt Merchant lt Criteria gt lt Criteria field status operator EQUALS gt FINISHED lt Criteria gt lt filters gt lt ServiceRequest gt Response lt xml version 1 0 encoding UTF 8 gt lt ServiceResponse xmlns xsi http www w3 org 2001 XMLSchema instance xsi noNamespaceSchemaLocation https qualysapi qualys com qps xs d 3 0 was wasscan xsd gt lt responseCode gt SUCCESS lt responseCode gt lt count gt 1 lt count gt lt ServiceResponse gt 92 Qualys Web Application Scanning API Chapter 4 Scan API Current scan count Example 3 Count web applications without tags POST Return a count of scans of web applications that do not have any tags assigned Request curl u USERNAME PASSWORD H content type text xml X POST data binary https qualysapi qualys com qps rest 3 0 count was wasscan lt file xml Note file xml contains the request POST data Request POST Data lt ServiceRequest gt lt filters gt lt Criteria field webApp tags operator NONE gt lt Criteria gt lt filters gt lt ServiceRequest gt Example 4 Count web applications with certain tags POST Return a count of scans of web applications that have certain tags assigned Request curl
223. t VULNERABILITIES_BY_OWASP lt ScanRe portGraph gt lt ScanReportGraph gt VULNERABILITIES_BY_WASC lt ScanRep ortGraph gt lt ScanReportGraph gt SENSITIVE_CONTENTS_BY_GROUP lt Sca nReportGraph gt lt graphs gt lt display gt display groups Identifies the vulnerability groups to display Applies to all reports Example for a Web Application Report or Scan Report lt display gt lt groups gt lt WebAppReportGroup gt GROUP lt WebAppReportGroup gt lt WebAppReportGroup gt OWASP lt WebAppReportGroup gt lt WebAppReportGroup gt WASC lt WebAppReportGroup gt lt groups gt lt display gt display options Specifies whether to display severity using levels 1 through 5 or using ratings low medium high Applies to all reports filters searchlists Identifies search list filters Applies to a Web Application Report Scan Report or Scorecard Report Example lt filters gt lt SearchlLsts gt lt SearchList gt lt id gt 43147 lt id gt lt SearchList gt lt SearchlLsts gt lt filters gt 210 Qualys Web Application Scanning API Element data type Chapter 7 Report Creation API Reference Report Creation Description filters url Text Identifies URL filters Applies to a Web Application Report Scan Report or Catalog Report Example lt filters gt lt url gt http www mysite com help html lt url gt lt filters gt filters status Identifies status f
224. t WeekDay gt SATURDAY lt WeekDay gt lt WeekDay gt SUNDAY lt WeekDay gt lt onDays gt lt weeklyOccurrence gt lt occurrence gt lt scheduling gt Example of single occurrence scan with the lt cancelTime gt optton lt scheduling gt lt startDate gt 2012 02 02T10 10 002 lt startDate gt lt timeZone gt lt code gt Europe Paris lt code gt lt timeZone gt lt occurrenceType gt ONCE lt occurrenceType gt lt occurrence gt lt cancelTime gt 11 15 lt cancelTime gt lt occurrence gt lt scheduling gt Qualys Web Application Scanning API Chapter 5 Schedule API Reference WasScanSchedule Element data type Description notification The notification settings lt active gt indicates whether notification is enabled lt delay gt indicates when the notification will be sent as number of days hours or minutes before the scan lt scale gt indicates the delay unit DAY HOUR or MINUTE lt recipients gt identifies the email addresses of the notification recipients lt message gt is the text of the notification message Example lt notification gt lt active gt true lt active gt lt delay gt lt nb gt 1 lt nb gt lt scale gt DAY lt scale gt lt delay gt lt recipients gt lt set gt lt EmailAddress gt lt CDATA 1 a com gt lt EmailAddress gt lt EmailAddress gt lt CDATA 2 a com gt lt EmailAddress gt lt set gt lt recipients gt lt message gt lt CDATA Th
225. t gt lt data gt lt ServiceResponse gt Qualys Web Application Scanning API 205 Chapter 7 Report Creation API Catalog Report Catalog Report A Catalog Report shows you the number and status of entries in your web application catalog Input for this report Allowed input elements are listed below See Reference Report Creation for descriptions of these elements filters scanDate DatetimeRange display contents WebAppReportContent filters url Text display graphs WebAppReportGraph filters ip Text display groups WebAppReportGroup filters os Text display options rawLevels filters status EntryStatus Allowed Operators Integer EQUALS NOT EQUALS GREATER LESSER IN Text CONTAINS EQUALS NOT EQUALS Date EQUALS NOT EQUALS GREATER LESSER Keyword EQUALS NOT EQUALS IN 206 Qualys Web Application Scanning API Chapter 7 Report Creation API Catalog Report Example Create a catalog report Create a catalog report in CSV format selecting a single tag for the target Request curl u USERNAME PASSWORD H content type text xml X POST data binary https qualysapi qualys com qps rest 3 0 create was report lt file xml Note file xml contains the request POST data Request POST Data lt ServiceRequest gt lt data gt lt Report gt lt name gt lt CDATA with all parameters CSV gt lt name gt lt descrip
226. t responseCode gt SUCCESS lt responseCode gt lt count gt 1 lt count gt lt hasMoreRecords gt false lt hasMoreRecords gt lt data gt lt WebApp gt lt id gt 323476 lt id gt lt name gt lt CDATA Merchant site 1 gt lt name gt lt url gt lt CDATA http 10 10 25 116 80 merchant 2 2 themerchant gt lt url gt lt owner gt lt id gt 123056 lt id gt lt owner gt lt tags gt lt count gt 0 lt count gt lt tags gt lt createdDate gt 2011 02 21T15 24 492 lt createdDate gt lt updatedDate gt 2012 01 03T16 53 37Z lt updatedDate gt lt WebApp gt lt data gt lt ServiceResponse gt Get details for a web application: Returns details for a web application which is in the user's scope. Want to find a web application ID to use as input? See Search web applications. URL: https qualysapi qualys com gps rest 3 0 get was webapp lt id gt. Methods allowed: GET. The web application screenshot, when available, is included in the output in the screenshot element as a base64-encoded binary string. This string needs to be converted before a user can decode and view the image file (png). In order to encode screenshots we use a URL-safe Base64 encoding, like other elem
227. tatus Keyword SUBMITTED RUNNING FINISHED ERROR or CANCELED webApp id Integer authStatus Keyword NONE NOT_USED SUCCESSFUL FAILED or PARTIAL reference Text resultsStatus Keyword NOT_USED TO_BE_PROCESSED NO_HOST_ALIVE NO_WEB_SERVICE TIME_LIMIT_EXCEEDED SCAN_RESULTS_INVALID SUCCESSFUL PROCESSING launched Date Date Permissions User must have the WAS application enabled User must have API Access permission User must have Delete WAS scan permission 118 Qualys Web Application Scanning API Chapter 4 Scan API Delete an existing scan Examples Example 1 Delete a specified scan POST Delete the scan with the ID 12405 Request curl u USERNAME PASSWORD H content type text xml X POST data binary https qualysapi qualys com gps rest 3 0 delete was wasscan 1240 BN Response lt xml version 1 0 encoding UTF 8 gt lt ServiceResponse xmlns xsi http www w3 org 2001 XMLSchema instance xsi noNamespaceSchemaLocation https qualysapi qualys com qps xs d 3 0 was wasscan xsd gt lt responseCode gt SUCCESS lt responseCode gt lt count gt 1 lt count gt lt data gt lt WasScan gt lt id gt 12405 lt id gt lt WasScan gt lt data gt lt ServiceResponse gt Example 2 Delete scans with criteria POST Delete scans with a name that contains the string VULN Request curl u USERNAME PASSWORD H c
228. tent In HTML gt lt name gt 242 Qualys Web Application Scanning API Chapter 9 Finding API Search findings lt type gt SENSITIVE_CONTENT lt type gt lt severity gt 2 lt severity gt lt url gt lt CDATA http funkytown vuln ga qualys com cassium login 1 login php gt lt url gt lt status gt NEW lt status gt lt lastDetectedDate gt 2014 02 05T23 38 19Z lt lastDetectedDate gt lt lastTestedDate gt 2014 02 05T23 38 192 lt lastTestedDate gt lt webApp gt lt id gt 95729 lt id gt lt name gt lt CDATA WA3 SC gt lt name gt lt url gt lt CDATA http funkytown vuln qa qualys com gt lt url gt lt webApp gt lt Finding gt lt Finding gt lt id gt 5666 lt id gt lt qid gt 150016 lt qid gt lt name gt lt CDATA Sensitive Content In HTML gt lt name gt lt type gt SENSITIVE_CONTENT lt type gt lt severity gt 2 lt severity gt lt url gt lt CDATA http funkytown vuln gqa qualys com cassium login 2 login2 php gt lt url gt lt status gt NEW lt status gt lt lastDetectedDate gt 2014 02 05T23 38 19Z lt lastDetectedDate gt lt lastTestedDate gt 2014 02 05T23 38 192Z lt lastTestedDate gt lt webApp gt lt id gt 95729 lt id gt lt name gt lt CDATA WA3 SC gt lt name gt lt url gt lt CDATA http funkytown vuln gqa qualys com gt lt url gt lt webApp gt lt Finding gt
229. tion gt lt CDATA A simple Catalog report gt lt description gt lt type gt WAS_CATALOG_REPORT lt type gt lt format gt CSV lt format gt lt config gt lt catalogReport gt lt display gt lt contents gt lt CatalogReportContent gt DESCRIPTION lt CatalogReportContent gt lt CatalogReportContent gt SUMMARY lt CatalogReportContent gt lt CatalogReportContent gt GRAPHS lt CatalogReportContent gt lt CatalogReportContent gt RESULTS lt CatalogReportContent gt lt CatalogReportContent gt INDIVIDUAL_RECORDS lt CatalogReportContent gt lt contents gt lt graphs gt lt CatalogReportGraph gt ENTRIES_ADDED_OVER_TIME lt CatalogReportGraph gt lt CatalogReportGraph gt ENTRIES_BY_STATUS lt CatalogReportGraph gt lt graphs gt lt groups gt lt CatalogReportGroup gt STATUS lt CatalogReportGroup gt Qualys Web Application Scanning API 207 Chapter 7 Report Creation API Catalog Report 208 lt CatalogReportGroup gt OPERATING_SYSTEM lt CatalogReportGroup gt lt groups gt lt display gt lt filters gt lt status gt lt EntryStatus gt NEW lt EntryStatus gt lt EntryStatus gt SUBSCRIPTION lt EntryStatus gt lt EntryStatus gt ROGUE lt EntryStatus gt lt EntryStatus gt APPROVED lt EntryStatus gt lt EntryStatus gt REJECTED lt EntryStatus gt lt status gt lt scanDate gt lt st
230. tiple elements are specified parameters are combined using a logical AND All dates must be entered in UTC date time format See Reference Report for descriptions of these lt Report gt elements id Integer creationDate Date name Text type Keyword WAS_SCAN_REPORT WAS_WEBAPP_REPORT WAS_SCORECARD_REPORT WAS_CATALOG_REPORT or DATALIST_REPORT tags id Integer format Keyword HTML_ZIPPED HTML_BASE64 PDF PDF_ENCRYPTED CSV XML POWERPOINT or WORD tags name Text status Keyword RUNNING ERROR or COMPLETE Permissions User must have the WAS application enabled User must have API Access permission User must have Delete Report permission Report must be within the user s scope Qualys Web Application Scanning API 185 Chapter 6 Report API Delete one or more existing reports Examples Example 1 Delete a single report POST Delete the report with the ID 1393 Request curl u US ERNAME PASSWORD H Content type text xml X BOST https qualysapi qualys com gps rest 3 0 delete was report 6333 Response lt xml version 1 0 encoding UTF 8 gt lt ServiceRespons instance xmlns xsi http www w3 org 2001 XMLSchema xsi noNamespaceSchemaLocation https qualysapi qualys com qps xs d 3 0 was report xsd gt lt responseCode gt SUCCESS lt responseCode gt lt count gt 1 lt count gt lt data gt lt Report gt lt id gt 6333 lt
231. to the WAS API Paradigm. XML Output and Schemas: Web Application XSD: https qualysapi qualys com qps xsd 3 0 was webapp xsd. Authentication XSD: https qualysapi qualys com qps xsd 3 0 was webappauthrecord xsd. Scan XSD (both valid): https qualysapi qualys com qps xsd 3 0 was scan xsd and https qualysapi qualys com qps xsd 3 0 was wasscan xsd. Schedule XSD (both valid): https qualysapi qualys com qps xsd 3 0 was schedule xsd and https qualysapi qualys com qps xsd 3 0 was wasscanschedule xsd. Report XSD: https qualysapi qualys com qps xsd 3 0 was report xsd. Option Profile XSD: https qualysapi qualys com qps xsd 3 0 was optionprofile xsd. Finding XSD: https qualysapi qualys com qps xsd 3 0 was finding xsd. XML Output Pagination / Truncation Logic: The XML output of a search API request is paginated, and the default page size is 100 object records. The page size can be customized to a value between 1 and 1,000. If the number of records is greater than the page size, the <ServiceResponse> element shows the response code SUCCESS together with the element <hasMoreRecords>true</hasMoreRecords>, as shown below. Follow the process below to obtain the first two XML pages for an API request, and apply the same logic to get the next n-1 pages until all records are returned; this is indicated by <hasMoreRecords>false</hasMoreRecords>. Request 1: Search for web ap
232. ty Details. How to Download Vulnerability Details: When you download web application scan results using the WAS API, you'll want to view vulnerability descriptions from the Qualys KnowledgeBase in order to understand the vulnerabilities detected and see our recommended solutions. You can do this programmatically using the KnowledgeBase API v2 (api 2 0 fo knowledge_base vuln action list). This API function is part of Qualys API v2 and is described in the Qualys API v2 User Guide; the latest version of the API v2 User Guide is available for download. Making API Requests: Authentication with valid Qualys credentials is required for making Qualys API requests. When calling the v2 API functions you have the option to choose (1) session-based authentication using login and logout operations, or (2) basic HTTP authentication. The GET or POST access method may be used to make an API request. Authorized Qualys users have permissions to download vulnerability data using the KnowledgeBase API v2; please contact Qualys Support or your sales representative if you would like to obtain authorization for your subscription. For further information please refer to the Qualys API v2 User Guide. Parameters: The input parameters for the KnowledgeBase API v2 are described below. Several optional input parameters may be specified; when unspecified, the XML output includes all vulnerabilities in the KnowledgeBase, showing basic details for each vulnera
233. type Description. id (Integer): The schedule ID. This element is assigned by the service and is required for certain types of request (details, activate, deactivate). owner: The user who owns the schedule. User properties include user ID, user login, first and last name. Example: lt owner gt lt id gt 123056 lt id gt lt username gt username lt username gt lt firstName gt lt CDATA John gt lt firstName gt lt lastName gt lt CDATA Smith gt lt lastName gt lt owner gt. active (Boolean): The schedule is active (true) or not (false). launchedCount (Integer): The number of times the scan has been launched. nextLaunchDate (Date): The next launch date and time in UTC date/time format (YYYY-MM-DDTHH:MM:SSZ). target: The target of the scan. lt webApp gt is the target web application. lt scannerAppliance gt type (Keyword) is set to INTERNAL for a scanner appliance or EXTERNAL for external scanners; if the type is INTERNAL, friendlyName (Text) is the user-defined appliance name. lt cancelOption gt set to DEFAULT: forces the use of the target web app's cancelScans option if set, else falls back to the one passed in to the API with the schedule settings. lt cancelOption gt set to SPECIFIC: always use the cancel scan option pas
234. type Description. attributes: Web application attributes, set as the categories Business Function, Business Description and Business Location. Example: lt attributes gt lt set gt lt Attribute gt lt category gt Business Function lt category gt lt value gt lt CDATA function gt lt value gt lt Attribute gt lt Attribute gt lt category gt Business Location lt category gt lt value gt lt CDATA location gt lt value gt lt Attribute gt lt Attribute gt lt category gt Business Description lt category gt lt value gt lt CDATA description gt lt value gt lt Attribute gt lt set gt lt attributes gt. tags: Tags assigned to the web application. Example: lt tags gt lt set gt lt Tag gt lt id gt 12345 lt id gt lt Tag gt lt Tag gt lt id gt 12345678 lt id gt lt Tag gt lt set gt lt tags gt. comments (Text): Comments on the web application. scope (Keyword): The scanning scope for the web application: ALL (default), LIMIT, SUBDOMAIN or DOMAINS. If set to ALL, the scan will crawl all directories and sub-directories of the starting URL. If set to LIMIT, crawling will be limited to the starting URI's initial path and sub-directories. If set to SUBDOMAINS, any sub-domain that is in the same domain as the specified domain name will be crawled. If set to DOMAINS, only the specified domains will be crawled. uris (Text): Additional URLs to crawl. Each must be a
235. curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X POST --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/count/was/wasscan" < file.xml

Note: file.xml contains the request POST data.

Request POST Data:
  <ServiceRequest>
    <filters>
      <Criteria field="webApp.tags.id" operator="EQUALS">1516928</Criteria>
      <Criteria field="webApp.tags.id" operator="EQUALS">1234567</Criteria>
    </filters>
  </ServiceRequest>

Qualys Web Application Scanning API 93 / Chapter 4 Scan API / Search scans

Search scans
Returns a list of scans on web applications which are in the user's scope.
URL: https://qualysapi.qualys.com/qps/rest/3.0/search/was/wasscan
Methods allowed: POST
Input: Allowed input elements are listed below. The associated data type for each element appears in parentheses. These elements are optional and act as filters. When multiple elements are specified, parameters are combined using a logical AND. All dates must be entered in UTC date/time format. See Reference: WasScan for descriptions of these <WasScan> elements:
  id (Integer)
  launchedDate (Date)
  name (Text)
  type (Keyword): DISCOVERY or VULNERABILITY
  webApp.name (Text)
  mode (Keyword): MANUAL, SCHEDULED or API
  webApp.id (Integer)
  status (Keyword): SUBMITTED, RUNNING, FINISHED, ERROR or CANCELED
  webApp.tags (with oper...
  authStatus (Keyword): NONE, NOT_USED, ...
236. ...Request POST data:
  <ServiceRequest>
    <data>
      <WasScan>
        <name>New WAS Vulnerability Scan launched from API</name>
        <type>VULNERABILITY</type>
        <target>
          <webApp>
            <id>323126</id>
          </webApp>
          <scannerAppliance>
            <type>EXTERNAL</type>
          </scannerAppliance>
        </target>
        <profile>
          <id>1021</id>
        </profile>
        <cancelAfterNHours>5</cancelAfterNHours>
        <progressiveScanning>false</progressiveScanning>
      </WasScan>
    </data>
  </ServiceRequest>

Qualys Web Application Scanning API 263 / Chapter 10 Progressive Scanning / Scan API

XML output:
  <?xml version="1.0" encoding="UTF-8"?>
  <ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
    <responseCode>SUCCESS</responseCode>
    <count>1</count>
    <data>
      <WasScan>
        <id>16954</id>
      </WasScan>
    </data>
  </ServiceResponse>

XML output (error): If Progressive Scanning is not enabled for the subscription, the progressiveScanning element cannot be provided; otherwise an error will be returned.
  <?xml version="1.0" encoding="UTF-8"?>
  <ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocat...
237. ...scheduled scans on web applications which are in the user's scope.
URL: https://qualysapi.qualys.com/qps/rest/3.0/update/was/wasscanschedule/<id>
  or https://qualysapi.qualys.com/qps/rest/3.0/deactivate/was/wasscanschedule/<filters>
Methods allowed: POST
Input: The id (Integer) element is required to deactivate a specific schedule, where id identifies a schedule. When multiple elements are specified, parameters are combined using a logical AND. All dates must be entered in UTC date/time format. See Reference: WasScanSchedule for descriptions of these <WasScanSchedule> elements:
  id (Integer)
  type (Keyword): VULNERABILITY or DISCOVERY
  name (Text)
  active (Boolean)
  webApp.id (Integer)
  invalid (Boolean)
  webApp.name (Text)
  createdDate (Date)
  owner.id (Integer)
  updatedDate (Date)
Permissions:
  User must have the WAS application enabled.
  User must have API Access permission.
  User must have Edit WAS Schedule permission.
  Scan target must be within the user's scope.

Qualys Web Application Scanning API 153 / Chapter 5 Schedule API / Deactivate an existing schedule / 154

Example: Deactivate a schedule
POST Request:
  curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X POST --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/update/was/wasscanschedule/1688" < file.xml
Note: file.xml contains the request POST data.
Request...
238. ...Vulnerability and Sensitive Content findings:
  WAS_WEBAPP_REPORT/RESULTS/WEB_APPLICATION/VULNERABILITY_LIST/VULNERABILITY/PAYLOADS/PAYLOAD/RESPONSE/CONTENTS
  WAS_WEBAPP_REPORT/RESULTS/WEB_APPLICATION/SENSITIVE_CONTENT_LIST/SENSITIVE_CONTENT/PAYLOADS/PAYLOAD/RESPONSE/CONTENTS
  WAS_WEBAPP_REPORT/RESULTS/WEB_APPLICATION/VULNERABILITY_LIST/VULNERABILITY/PAYLOADS/PAYLOAD/RESPONSE/EVIDENCE
  WAS_WEBAPP_REPORT/RESULTS/WEB_APPLICATION/SENSITIVE_CONTENT_LIST/SENSITIVE_CONTENT/PAYLOADS/PAYLOAD/RESPONSE/EVIDENCE

Sample Web Application Report XML:
  <VULNERABILITY>
    <ID>5943</ID>
    <QID>150001</QID>
    <URL><![CDATA[http://myuri.apps.com/app/xss/0.1.0/xss.php?s 20o0n Event 3dX146470180Y12Z 20]]></URL>
    <PARAM><![CDATA[s]]></PARAM>
    <AUTHENTICATION>Not Required</AUTHENTICATION>
    <STATUS>NEW</STATUS>
    <FIRST_TIME_DETECTED>2011-12-30T09:57:39Z</FIRST_TIME_DETECTED>
    <LAST_TIME_DETECTED>2011-12-30T09:57:39Z</LAST_TIME_DETECTED>
    <LAST_TIME_TESTED>2011-12-30T09:57:39Z</LAST_TIME_TESTED>
    <TIMES_DETECTED>1</TIMES_DETECTED>
    <PAYLOADS>
      <PAYLOAD>
        <NUM>1</NUM>
        <PAYLOAD><![CDATA[s...
        <REQU...
239. ...number (count) of all findings in the user's scope.
Request:
  curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/count/was/finding"
Response:
  <?xml version="1.0" encoding="UTF-8"?>
  <ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">
    <responseCode>SUCCESS</responseCode>
    <count>2815</count>
  </ServiceResponse>

Qualys Web Application Scanning API 239 / Chapter 9 Finding API / Current finding count / 240

Example 2: Count criteria
POST Request:
  curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X POST --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/count/was/finding" < file.xml
Note: file.xml contains the request POST data.
Request POST Data:
  <ServiceRequest>
    <filters>
      <Criteria field="type" operator="EQUALS">VULNERABILITY</Criteria>
      <Criteria field="severity" operator="EQUALS">5</Criteria>
      <Criteria field="status" operator="IN">NEW,ACTIVE,REOPENED</Criteria>
    </filters>
  </ServiceRequest>
Response:
  <?xml version="1.0" encoding="UTF-8"?>
  <ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://qu...
240. ...authentication record 83
Delete authentication records 85

Chapter 4 Scan API
Current scan count 90
Search scans 94
(title illegible) 100
Launch a new scan 104
Retrieve the status of a scan 109
Retrieve the results of a scan 110
Cancel an unfinished scan 117
Delete an existing scan 118
Reference: WasScan 121
Reference: WAS Scan Results (legacy) 124

Chapter 5 Schedule API
Current schedule count 128
Search schedules 131
Get schedule details 137
Create a schedule 140
Update a schedule 148
Activate an existing schedule 151
Deactivate an existing schedule 153
Delete one or more existing schedules 155
Download one or more schedules to iCalendar 158
Reference: WasScanSchedule 163

Chapter 6 Report API
Current report count 170
(title illegible) 172
(title illegible) 177
Get report ... 179
(title illegible) 180
Send an encrypted PDF report 181
Update a report 183
Delete one or more existing reports 185
Reference: Report ...
241. ...wasscanschedule" < file.xml
Note: file.xml contains the request POST data.
Request POST Data:
  <ServiceRequest>
    <filters>
      <Criteria field="active" operator="EQUALS">false</Criteria>
      <Criteria field="name" operator="CONTAINS">WEEKLY</Criteria>
    </filters>
  </ServiceRequest>
Response:
  <?xml version="1.0" encoding="UTF-8"?>
  <ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
    <responseCode>SUCCESS</responseCode>
    <count>2</count>
    <data>
      <WasScanSchedule>
        <id>1747</id>
      </WasScanSchedule>
      <WasScanSchedule>
        <id>1768</id>
      </WasScanSchedule>
    </data>
  </ServiceResponse>

Qualys Web Application Scanning API 157 / Chapter 5 Schedule API / Download one or more schedules to iCalendar

Download one or more schedules to iCalendar
Download scheduled scans on web applications which are in the user's scope to iCalendar format, then import them into your favorite calendar application so you can access your schedules on the go. You can import your schedules into several calendars, including Microsoft Outlook, Google Ca...
242. ...x element.
Element (data type): Description

Web Application
name (Text): The web application name (maximum 256 characters). This element is required to create a web application.
url (Text): The URL of the web application (maximum 2048 characters). This element is required to create a web application.
id (Integer): The web application ID. This element is assigned by the service and required for an update request.
os: The operating system of the web application.
owner (Text): This element is assigned by the service and may be specified for an update request only.
config: Configure the cancel scan option. Specify cancel after time or cancel at time. Only one of <cancelScansAfterNHours> or <cancelScansAt> is allowed in one config section.
  Example for cancel after time:
    <config>
      <cancelScansAfterNHours>3</cancelScansAfterNHours>
    </config>
  Example for cancel at time:
    <config>
      <cancelScansAt>2015-06-10T12:00:00Z</cancelScansAt>
    </config>
  Notes about updating web applications: If none of the above elements are specified in the config section, the default cancel option is removed from the web app settings. If the config section is not specified, no changes are made to the web app settings.

Qualys Web Application Scanning API 59 / Chapter 2 Web Application API / Reference: WebApp

Element (data...