Automating Web Application Scanning and Vulnerability Exposure
- August 4, 2021
- 0 replies
- 699 views
Summary - A unique use case was presented using Qualys Web Application Scanner (WAS), which is used for web application discovery and for detecting vulnerabilities and misconfigurations in the organisation's own websites. More than 150 websites need to be scanned each quarter. The client had only 6 scan licenses, limiting them to scanning 6 web applications at a time. The process was manual: provide the link, download the reports, keep track in an Excel file and monitor scan completion.
FortiSOAR addressed the issue with a custom module that imports all the URLs to be scanned. Using schedule management, custom schedules were created to push URLs to Qualys WAS. FortiSOAR checks at a fixed interval whether each scan has completed. Once a scan is complete, it downloads the report, deletes the URL from Qualys and pushes a new URL, thereby automating the complete process without purchasing additional scan licenses.
Process-flow
Tasks achieved
- Create custom module for Web Vulnerabilities
- Push web URL to Qualys WAS scanner (Max 6)
- Remove URLs tagged Finished from Qualys and upload new URLs up to the license count
- Get the scan status update
- Execute scan on URL upload
- Mark scan complete
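The licence-slot rotation behind the tasks above, as an added example that is not part of the original post or of FortiSOAR/Qualys: a fake WAS stand-in (constructed, not the real connector API) and one scheduled cycle that harvests finished scans, frees their slots and pushes the next pending URLs, so the number of active scans never exceeds the 6 licences.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

MAX_SLOTS = 6  # scan licences available: at most 6 web apps in Qualys WAS at once

@dataclass
class ScanRecord:  # one record of the custom module (URL, Status, Attachment)
    url: str
    status: str = "Pending"         # Pending -> Scanning -> Finished
    report: Optional[bytes] = None  # report downloaded from WAS, stored as attachment

class FakeQualysWAS:
    """Constructed stand-in for the Qualys WAS connector; it is not the real API.
    Each scan is reported finished after `polls_to_finish` status checks."""
    def __init__(self, polls_to_finish: int = 2):
        self.polls_to_finish = polls_to_finish
        self.active: Dict[str, int] = {}  # url -> status checks so far
        self.peak_active = 0
    def launch(self, url: str) -> None:
        if len(self.active) >= MAX_SLOTS:
            raise RuntimeError("no free scan licence")  # the real WAS would reject this
        self.active[url] = 0
        self.peak_active = max(self.peak_active, len(self.active))
    def is_finished(self, url: str) -> bool:
        self.active[url] += 1
        return self.active[url] >= self.polls_to_finish
    def download_report(self, url: str) -> bytes:
        return f"report for {url}".encode()
    def delete(self, url: str) -> None:
        del self.active[url]  # frees the licence for the next URL

def poll_cycle(records: List[ScanRecord], was: FakeQualysWAS) -> None:
    """One scheduled FortiSOAR run: harvest finished scans, then fill free slots."""
    for rec in records:
        if rec.status == "Scanning" and was.is_finished(rec.url):
            rec.report = was.download_report(rec.url)  # keep the report as attachment
            was.delete(rec.url)                         # remove URL from Qualys
            rec.status = "Finished"                     # mark scan complete
    free = MAX_SLOTS - sum(r.status == "Scanning" for r in records)
    for rec in records:
        if free == 0:
            break
        if rec.status == "Pending":
            was.launch(rec.url)  # execute scan on URL upload
            rec.status = "Scanning"
            free -= 1

def run_until_done(records: List[ScanRecord], was: FakeQualysWAS, max_cycles: int = 1000) -> int:
    cycles = 0  # number of scheduled cycles needed to finish every record
    while cycles < max_cycles and any(r.status != "Finished" for r in records):
        poll_cycle(records, was)
        cycles += 1
    return cycles
```

With 10 pending URLs and scans that finish after two status checks, the whole batch completes in 5 cycles while the scanner never holds more than 6 URLs.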
Prerequisites
- Install and configure Qualys connector
- Create a custom module in FortiSOAR under Vulnerability Management with the following fields:
  - ID
  - URL
  - Status
  - Owner
  - Type
  - Completion date
  - Attachment
