The new version of Qualys Web Application Scanning, WAS 5.7, adds an integration with Bugcrowd for centralized viewing and triaging of both WAS automated vulnerability detections and vulnerabilities submitted by Bugcrowd’s approved security researchers.

Qualys WAS customers running a bug bounty program via Bugcrowd are now able to import unique vulnerabilities from Bugcrowd’s Crowdcontrol platform into Qualys WAS. As part of the integration, the Detections tab has been moved to the top level in the WAS user interface, and each individual finding is now labeled as either Qualys, Bugcrowd, or Burp.

Bugcrowd customers using Qualys Web Application Scanning are now able to import vulnerability data from automated scans directly into the Crowdcontrol platform and use that data to optimize their bug bounty program scope and incentives.

Joint customers can use these integrations to reduce data sets and their management cost by combining vulnerability data from bug bounty programs and automated scans into a single, more complete set of vulnerabilities. By allowing a centralized repository, users can also create custom permission sets that streamline and accelerate data sharing.


All features described here are now available. Here are some resources to get you started:

  • Bugcrowd documentation:
    • Qualys integration data sheet
    • Automatically import Qualys WAS scan data into Crowdcontrol
  • Qualys documentation: About Bugcrowd Findings
  • Video: Integrating Qualys WAS and the Creativity of the Crowd


This post originally appeared on the Qualys Blog