Cloud Platform
Contact us
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
  • Overview
  • Platform Apps

  • Qualys Endpoint Security

    Advanced endpoint threat protection, improved threat context, and alert prioritization

  • Context XDR

    Extend detection and response beyond the endpoint to the enterprise

Cloud Security

Qualys Unveils QualysGuard Web Application Scanning (WAS) 2.0 with Support for JavaScript and Flash

Based on QualysGuard’s New Java-Based Backend and Web 2.0 UI Technology, QualysGuard WAS 2.0 Brings Web Application Scanning to a New Level of Automation

San Francisco, Calif. - February 14, 2011 - Qualys®, Inc., the leading provider of on demand IT security risk and compliance management solutions, today at RSA Conference USA 2011, announced the release of QualysGuard WAS 2.0 with several major enhancements to help customers catalog their web applications on a global scale and scan them for vulnerabilities that can lead to exploitation. The new release, delivered via the QualysGuard SaaS platform and its new Java-based backend (see related news release), comes with a new Web 2.0 User Interface (UI) that raises the bar in terms of ease-of-use, flexible reporting and automation of scanning tasks.

Qualys will unveil these capabilities for the first time at the RSA Conference 2011, booth #1432, tonight at 7 p.m. PT.

“Software flaws are a significant source of loss through security and safety incidents, and they also result in greatly increased development and maintenance costs.” Moreover, “dynamic testing — and Web application scanning in particular — is an important component of software assurance and security testing — one that plays an increasingly important role in enterprise software security programs,” said Ramon Krikken, research director for Gartner.*

Major enhancements in QualysGuard WAS 2.0 include:

  • Cataloging and scanning of web applications in the enterprise (Intranet, Internet) or in the cloud, including Amazon EC2 and VPC platforms (see related release)

  • Fully interactive UI with flexible workflows and reporting

  • Supports scanning HTML web applications with JavaScript and embedded Flash

  • Comprehensive detection of custom web application vulnerabilities including:

    • OWASP Top 10 vulnerabilities: SQL injection, cross-site scripting (XSS), source disclosure, directory traversal
    • Checks web applications’ handling of sensitive or secret data
    • Reports on recommended secure coding practice and configuration
    • Differentiates exploitable fault-injection problems from simple information disclosure
  • Customisable scanning options:

    • Customised crawling using Black/White lists and Robots.txt and Sitemap.xml files
    • Supports common authentication schemes
    • Performs brute force attack using pre-defined and custom password lists
    • Profiles custom web application behaviors
    • Configures scanning performance with customisable performance level

“Based on our new Java-based backend that leverages Web 2.0 UI technologies, this release brings web application scanning to an unprecedented level of automation and functionality,” said Philippe Courtot, chairman and CEO for Qualys. “This new release allows customers and service providers to catalogue and scan thousands of web applications within the enterprise or in the cloud at a price point any organisation can afford.”

Availability and PricingQualysGuard WAS 2.0 will be available on March 1, 2011 in Beta to QualysGuard subscribers. It will be sold as annual subscriptions based on number of web applications, and includes 24x7 support and full updates.

  • Gartner Report G00208379: Dynamic Software Security Testing: Web Application Scanning Technology Assessment, Ramon Krikken, Dec. 17, 2010

About Qualys

Qualys, Inc. is the leading provider of on demand IT security risk and compliance management solutions – delivered as a service. Qualys’ Software-as-a-Service solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate and continuous view of their security and compliance postures.

The QualysGuard® service is used today by more than 5,000 organizations in 85 countries, including 47 of the Fortune Global 100, and performs more than 500 million IP audits per year. Qualys has the largest vulnerability management deployment in the world at a Fortune Global 50 company, and has been recognized by leading industry analysts for its market leadership.

Qualys has established strategic agreements with leading managed service providers and consulting organizations including BT, Etisalat, Fujitsu, IBM, I(TS)2, LAC, NTT, SecureWorks, Symantec, Tata Communications and TELUS. Qualys is also a founding member of the Cloud Security Alliance (CSA).

For more information, please visit


Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

For media inquiries or to find the appropriate spokesperson
Contact: Kim Smith
éclat Marketing
+44 (0)1276 486 000

For all other matters

Media Contact:
Tami Casey