Professional

Qualys WAS

The Qualys WAS extension connects Burp with the Qualys Web Application Scanning (WAS) module on the Qualys Cloud Platform. It lets you import a WAS finding into Repeater to manually validate a scanner-discovered vulnerability, and send Burp Scanner issues to Qualys WAS so you can view and report them alongside WAS findings for a more complete picture of your web application's security posture. A Qualys WAS subscription with API access is required.

Features

  • Import a Qualys WAS finding into Repeater by finding ID or by browsing a web app's open findings, then replay the request to confirm the vulnerability.
  • Send selected scanner issues to Qualys WAS directly from the issue context menu, with the option to purge or close existing Burp issues in WAS.
  • Supports all Qualys shared platforms (US, EU, Canada, India) as well as private cloud platforms.

Usage

  1. On the Qualys WAS tab, select the platform for your subscription, enter your Qualys username and password, and click Validate Credentials to confirm connectivity.
  2. To validate a finding, right-click in the Repeater request area and choose Import Qualys WAS Finding.
  3. Choose Enter Finding ID to fetch a known finding (the longer UUID is preferred), or Select from a Web App's Open Findings to browse open vulnerabilities for a chosen web app, then pick a payload if multiple are present.
  4. Click Import Request, update any transient authentication token such as a session cookie if needed, then send the request and inspect the response.
  5. To export issues, run passive and/or active scans, then open Target → Site map → Issues.
  6. Right-click the desired scanner issues, choose Send to Qualys WAS, select the target web application, set the purge or close option as needed, and confirm.

Author

Author

Dave Ferguson, Qualys

Version

Version

2.0.3

Rating

Rating

Popularity

Popularity

Last updated

Last updated

22 June 2026

Estimated system impact

Estimated system impact

Overall impact: Low

Memory
Low
CPU
Low
General
Low
Scanner
Low

You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.

You can view the source code for all BApp Store extensions on our GitHub page.

Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.

Go back to BappStore

Note:

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.