Welcome to WAS
REST API Scanning, CI/CD Integration, and More
We support Swagger version 2.0, allowing DevOps teams to streamline assessments of
REST APIs and get faster visibility of the security posture of mobile application backends
and Internet of Things (IoT) services. Additionally, a new native plugin for Jenkins delivers
automated vulnerability scanning of web applications for teams using the popular
Continuous Integration/Continuous Delivery (CI/CD) tool. In tandem, customers can now
leverage the new Qualys Browser Recorder, a free Google Chrome browser extension, to
easily review scripts for navigating through complex authentication and business
workflows in web applications.
- Scanning of Swagger-based Representational State Transfer (REST) APIs - In addition to
scanning Simple Object Access Protocol (SOAP) web services, Qualys WAS leverages the
Swagger specification for testing REST APIs. Users need only ensure the Swagger version
2.0 file (JSON format) is visible to the scanning service, and the APIs will automatically be
tested for common application security flaws.
- Enhanced API Scanning with Postman Support - Postman is a widely used tool for
functional testing of REST APIs. A Postman Collection is a file, exported from the tool,
that groups related requests (API endpoints) together so they can be shared with other
users. These collections are exported in JSON format. With the release of Postman
Collection support in Qualys WAS, customers have the option to configure their API scans
using the Postman Collection for their API.
- Jenkins plugin - The Qualys WAS Jenkins plugin empowers DevOps teams to build
application vulnerability scans into their existing CI/CD processes. By integrating scans in
this manner, application security testing is accomplished earlier in the SDLC to catch and
eliminate security flaws, thereby significantly reducing the cost of remediation compared
to doing so later in the SDLC. Download the plugin here.
- Qualys Browser Recorder - This new Chrome extension allows users to record web
browser activity and save the scripts for repeatable, automated testing. Scripts are played
back in Qualys WAS, allowing the scanning engine to successfully navigate through
complex authentication and business workflows. The Qualys Browser Recorder extension
is free and available to anyone (not just Qualys customers) via the Chrome Web Store.
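
A pre-scan check for the Swagger requirement in the first bullet above, as an added example (not Qualys code): it confirms that a file is Swagger 2.0 in JSON format and lists the operations it declares, noting which ones require credentials. The function name `list_operations` and the sample document are constructed for illustration.

```python
import json

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}

# Constructed sample document, not taken from any real API.
SAMPLE_SPEC = """
{
  "swagger": "2.0",
  "info": {"title": "Example Device API", "version": "1.0"},
  "host": "api.example.test", "basePath": "/v1", "schemes": ["https"],
  "securityDefinitions": {"api_key": {"type": "apiKey", "name": "X-API-Key", "in": "header"}},
  "security": [{"api_key": []}],
  "paths": {
    "/devices": {
      "parameters": [],
      "get": {"responses": {"200": {"description": "ok"}}},
      "post": {"responses": {"201": {"description": "created"}}}
    },
    "/health": {"get": {"security": [], "responses": {"200": {"description": "ok"}}}}
  }
}
"""


def list_operations(spec_text):
    """Return [(METHOD, path, requires_auth)]; ValueError if not Swagger 2.0 JSON."""
    try:
        spec = json.loads(spec_text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not JSON: {exc}") from exc
    if not isinstance(spec, dict) or spec.get("swagger") != "2.0":
        raise ValueError('top-level "swagger" field is not "2.0"')
    global_security = spec.get("security", [])
    operations = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # path items also hold "parameters" and "$ref"
            # Operation-level "security" overrides the top-level list;
            # an empty list means the operation needs no credentials.
            requires_auth = bool(op.get("security", global_security))
            operations.append((method.upper(), path, requires_auth))
    return operations


if __name__ == "__main__":
    for method, path, auth in list_operations(SAMPLE_SPEC):
        print(f"{method:6} {path:10} auth={'yes' if auth else 'NO'}")
```

Operations reported without an authentication requirement are worth reviewing before the scan, since they are reachable without credentials.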