Web Application Scanning API - Qualys

Web Application Scanning API

User Guide Version 3.12

June 03, 2022

Qualys Web Application Scanning API

Table of Contents

Get Started
  Web Application Scanning API
  Qualys user account
  Making API Calls
  URL to Qualys API server
  Tracking API usage by user
  How to Download Vulnerability Details
  Know your portal version
  JSON Support
  YAML Support

Web Applications
  Web Application Count
  Search Web Application
  Get Web Application Details
  Create Web Application
  Update Web Application
  Delete Web Application
  Purge Web Application
  Download Selenium Script
  Reference: WebApp

Authentication
  Authentication Count
  Search Authentication Record
  Get Authentication Record Details
  Create Authentication Record
  Update Authentication Record
  Delete Authentication Record
  Reference: Authentication

Catalog
  Catalog Entry Count
  Search for a Catalog Entry
  Get Catalog Entry Details
  Update Catalog Entry
  Delete Catalog Entry
  Update Entries in Catalog
  Add to Subscription

Scans
  Scan Count
  Search Scans
  Get Scan Details
  Launch Scans (Single)
  Launch Scan (Multiple)
  Scan Again
  Retrieve Scan Status
  Retrieve Scan Results
  Cancel Scan
  Delete Scan
  WasScan Reference
  WAS Scan Results Reference

Schedules
  Schedule Count
  Search Schedule
  Get Schedule Details
  Create a Schedule (single web application)
  Create Schedules (Multiple)
  Update Schedule
  Activate an Existing Schedule
  Deactivate Schedule
  Delete Schedule
  Download Schedule
  Reference: Schedule
  Reference: WasScanSchedule

Reports
  Report Count
  Search Report
  Get Report Details
  Get Report Status
  Download Report
  Send Encrypted PDF Report
  Update Report
  Delete Report

Report Creation
  Create Report
  Web Application Report
  Scan Report
  Scorecard Report
  Catalog Report
  Report Template Count
  Search Report Template
  Get details of Report Template
  Reference: Report
  Reference: Report Creation

Findings
  Finding Count
  Search Findings
  Get Finding Details
  Ignore Findings
  Activate Findings
  Edit Finding Severity
  Restore Findings Severity
  Retest Findings
  Retrieve Finding Retest Status
  WAS Findings in XML Report
  Reference: Findings

Configuration
  Option Profiles
  DNS Override

Burp
  Import Burp Issues

Error Messages
  Sample Messages: Elements
  Sample Messages: Authorization
  Sample Messages: Criteria
  Sample Messages: Report Storage Limit

Available operators

Get Started


Web Application Scanning API

The Web Application Scanning (WAS) API supports scanning and reporting on web applications for security risks.

Modules supported

WAS

Authentication

Authentication to your Qualys account with valid Qualys credentials is required for making Qualys API requests to the Qualys API servers. Learn more about authentication to your Qualys account

Get API Notifications

We recommend you join our Community and subscribe to our API Notifications RSS Feeds for announcements and discussions.



About Qualys

Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance and protection for IT systems and web applications on premises, on endpoints and elastic clouds. For more information, please visit

Qualys and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.


Qualys user account


Authentication to your Qualys account with valid Qualys credentials is required for making Qualys API requests to the Qualys API servers.

The application must authenticate using Qualys account credentials (user name and password) as part of the HTTP request. The credentials are transmitted using the "Basic Authentication Scheme" over HTTPS.

For information, see the "Basic Authentication Scheme" section of RFC #2617:



The exact method of implementing authentication will vary according to which programming language is used.

The allowed methods, POST and/or GET, for each API request are documented with each API call in this user guide.

Sample request - basic authentication

curl -u "USERNAME:PASSWORD"

Making API Calls


Curl samples in our API doc

We use curl in our API documentation to show an example of how to form REST API calls; the samples are not meant to be production implementations.

Making Requests with an XML Payload

While it is still possible to create simple API requests using the GET method, you can make an advanced request by using the POST method with an XML payload.

The XML payloads can be compared to a scripting language that allows a user to perform multiple actions within a single API request, like adding a parameter to an object and updating another parameter.

The XML structure of the payload is described in the XSD files.

XML Output Pagination / Truncation

The XML output of a search API request is paginated and the default page size is 100 object records. The page size can be customized to a value between 1 and 1,000. If the number of records is greater than the page size then the element shows the response code SUCCESS with the element true as shown below.

Follow the process below to obtain the first two XML pages for an API request. Apply the same logic to get all the next (n+1) pages until all records are returned. This is indicated when false.

Sample 1 - Search web apps

Search for web applications that have a name containing the string "Merchant". The service request in the POST data file "file.xml" defines these search criteria.

API request


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @"" < file.xml

Note: "file.xml" contains the request POST data.

You'll notice the operator field value is set to 123, which is the value returned in of the previous page output. The GREATER operator is a logical "greater than" (it does not mean greater than or equal to).

Request POST data

5

Merchant

The number of records is greater than the default pagination value so the element identifies the last ID of the object in the current page output.

XML response

SUCCESS 5 true 123
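
The pagination process described above, written as a loop that requests each next page with a strict GREATER criterion on the last ID returned; this is an added example, not code from the Qualys guide. The element and field names (ServiceRequest, limitResults, Criteria, hasMoreRecords, lastId, data/WebApp/id), the `post` callable and the `fake_post` stand-in with its constructed IDs are assumptions, because the XML samples on this page lost their tags in extraction.

```python
import xml.etree.ElementTree as ET
# Element and field names are assumptions: the page's XML samples lost their tags.

def build_request(name_contains, page_size=100, after_id=None):
    """Build the POST payload for one page of a web application search."""
    if not 1 <= page_size <= 1000:
        raise ValueError("page size must be between 1 and 1,000")
    root = ET.Element("ServiceRequest")
    prefs = ET.SubElement(root, "preferences")
    ET.SubElement(prefs, "limitResults").text = str(page_size)
    filters = ET.SubElement(root, "filters")
    crit = ET.SubElement(filters, "Criteria", field="name", operator="CONTAINS")
    crit.text = name_contains
    if after_id is not None:
        # GREATER is strict, so the record whose id equals after_id is not repeated.
        crit = ET.SubElement(filters, "Criteria", field="id", operator="GREATER")
        crit.text = str(after_id)
    return ET.tostring(root, encoding="unicode")

def search_all(post, name_contains, page_size=100, max_pages=1000):
    """Follow hasMoreRecords/lastId until the last page; return all record ids."""
    ids, after_id = [], None
    for _ in range(max_pages):
        resp = ET.fromstring(post(build_request(name_contains, page_size, after_id)))
        if resp.findtext("responseCode") != "SUCCESS":
            raise RuntimeError("search failed: %s" % resp.findtext("responseCode"))
        ids += [int(e.text) for e in resp.iterfind("data/WebApp/id")]
        if resp.findtext("hasMoreRecords") != "true":
            return ids
        last_id = int(resp.findtext("lastId"))
        if after_id is not None and last_id <= after_id:
            raise RuntimeError("lastId did not advance; stopping to avoid a loop")
        after_id = last_id
    raise RuntimeError("max_pages reached with records still pending")

# Constructed stand-in for the API server so the example runs offline.
SAMPLE_IDS = (12, 45, 78, 99, 123, 124, 130)

def fake_post(body):
    """Answer one request from SAMPLE_IDS (the name filter is ignored here)."""
    req = ET.fromstring(body)
    limit = int(req.findtext("preferences/limitResults"))
    after = req.findtext("filters/Criteria[@operator='GREATER']")
    rest = [i for i in SAMPLE_IDS if after is None or i > int(after)]
    page, more = rest[:limit], len(rest) > limit
    items = "".join("<WebApp><id>%d</id></WebApp>" % i for i in page)
    last = "<lastId>%d</lastId>" % page[-1] if more else ""
    return ("<ServiceResponse><responseCode>SUCCESS</responseCode>"
            "<count>%d</count><hasMoreRecords>%s</hasMoreRecords>%s"
            "<data>%s</data></ServiceResponse>"
            % (len(page), str(more).lower(), last, items))

if __name__ == "__main__":
    print(search_all(fake_post, "Merchant", page_size=5))
```

In real use, `post` would be a function that sends the payload over HTTPS with Basic authentication and returns the response body; keep the credentials out of the script itself.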

Sample 2

To get the next page of results, you need to edit your service request in "file.xml" that will be passed to API request as a POST payload. According to
