Cloud Platform
Contact us
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
  • Overview
  • Platform Apps

  • Qualys Endpoint Security

    Advanced endpoint threat protection, improved threat context, and alert prioritization

  • Context XDR

    Extend detection and response beyond the endpoint to the enterprise

Cloud Security

Qualys Announces Web Application Scanning (WAS) 3.0

QualysGuard WAS 3.0 Adds Malware Detection, Integration with Burp Suite, Advanced Scanning Configurations and Reporting Enhancements

SAN FRANCISCO, Calif. – RSA Conference USA 2013 Booth #1431, February 25, 2013 – Qualys, Inc., (NASDAQ: QLYS), a leading provider of cloud security and compliance solutions, today announced QualysGuard® WAS 3.0, adding malware detection and attack proxy support to provide customers and consultants with comprehensive web application security testing.

Recent studies confirm that attackers are increasingly targeting web applications to breach the security defences of organisations. The Verizon 2012 Data Breach Investigation report indicates that for large organisations, 54 percent of the hacking vectors for the investigated breaches were associated with web applications. The report adds that attackers are increasingly using hybrid attacks, with 61 percent of all breaches featuring a combination of hacking techniques and malware.

A new case study with Microsoft describes how their Information Security & Risk Management (ISRM) Team uses QualysGuard WAS to evaluate the security of its hundreds of web applications coming online through its subsidiaries every year. In the case study, Ahmad Mahdi, ISRM manager at Microsoft, stated, “We needed a comprehensive way to evaluate the security of these applications with speed and accuracy…Thanks largely to QualysGuard WAS, we now have a process that ensures applications meet a specific and very important security threshold.”

With QualysGuard WAS 3.0, organisations can discover and catalogue web applications on a global scale, then identify and remediate web applications vulnerabilities accurately and cost-effectively. QualysGuard WAS 3.0 provides malware detection for web sites, using advanced behavioural analysis to identify even zero-day malware that may infect users. The service proactively scans web sites for malware, providing automated alerts and in-depth reporting to enable prompt identification and resolution of vulnerabilities.

Additionally, 3.0 introduces advanced scanning configurations and reporting enhancements including report creation wizard and scorecard reports based on asset groups or tags, making it easy for users to create and customise reports for the audience they are targeting.

“Saba provides cloud-based learning and talent management solutions to over 10.4 million subscribers all over the world, making security and compliance a top priority for us,” said Randy Barr, chief security & Information officer for Saba. “QualysGuard WAS automated scanning capabilities enable us to regularly discover and scan all of our web properties for vulnerabilities and remediate them in a timely manner. With expanded capabilities such as malware detection and integrations with attack tools, QualysGuard WAS 3.0 helps us better ensure security and compliance for our customers.”

Lastly, attack proxies and integrated pen testing tools for scanning web applications compliment automated scanning and can provide organisations with another perspective on vulnerabilities that may be present in web applications. QualysGuard WAS 3.0 enables organisations to integrate the scan results of attack proxies such as Burp Suite with its automated scans, presenting comprehensive reports of the results, giving organisations a complete view of vulnerabilities across their web applications.

“As web applications have become the front door through which we exchange information, having an up-to-date inventory of all web applications within an enterprise is a key step to secure corporate data; and automating this process is essential,” said Philippe Courtot, chairman and CEO for Qualys. “Bringing such automation to organisations, small and large, has been in effect the driving force behind our QualysGuard WAS 3.0 release. Altogether, these new capabilities make this new release a comprehensive and cost effective solution to help organisations keep up with the increasing demands of enterprise web application security.”

Pricing and Availability

QualysGuard WAS 3.0 availability is targeted for the end of March 2013. It is sold as an annual subscription based on the number of web applications, starting at $1,995 per year, and includes 24x7 support and full updates.

For more information about QualysGuard WAS, please visit:

To read the full case study on Microsoft’s use of QualysGuard WAS, visit:

About Qualys

Qualys, Inc. (NASDAQ: QLYS), is a pioneer and leading provider of cloud security and compliance solutions with over 6,000 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The QualysGuard Cloud Platform and integrated suite of solutions helps organisations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organisations, including Accuvant, BT, Dell SecureWorks, Fujitsu, NTT, Symantec, Verizon, and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).

For more information, please visit


Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

Media Contact:
Tami Casey