Qualys Web App Scanner 4.9 Boosts JSON Security Testing

New Qualys WAS 4.9 targets JSON security. It's a game-changer for modern web apps relying on AJAX and JSON input.

Qualys Web Application Scanning (WAS) has rolled out version 4.9, boasting enhanced capabilities to tackle modern web application security challenges. The update focuses on AJAX applications that utilise JSON input, a staple in contemporary web development.

The latest version of Qualys WAS introduces a new feature that enables detection of SQL injection (SQLi), local file inclusion (LFI), and PHP command injection in JSON requests. This is achieved by sending specially crafted JSON inputs to trigger potential vulnerabilities.

For LFI, the scanner sends a crafted JSON input; for PHP command injection, it sends a command as part of the JSON input. This capability uses the SmartScan feature, which customers need to enable in their subscriptions.

Many newer web applications rely heavily on AJAX with JSON input for asynchronous requests and responses. This update ensures that Qualys WAS can effectively scan and identify potential security risks in these modern applications.

Qualys Web Application Scanning 4.9 has expanded its capabilities to test AJAX applications that use JSON input for vulnerabilities. This update addresses the evolving landscape of web application development, ensuring that security measures keep pace with technological advancements. Companies like Lucent Sky and Black Duck's fAST Dynamic offer complementary tools that can also help detect and mitigate potential security threats in web-based applications.
