Qualys Publishes Web Application Scanning for Dummies

Free Comprehensive Guide Available at Booth #1432 at RSA Conference 2011 and Online at

San Francisco, Calif. - February 15, 2011 - Qualys®, Inc., the leading provider of on demand IT security risk and compliance management solutions, today at RSA Conference 2011 USA, announced that it has published a new comprehensive guide on Web Application Scanning (WAS) to help readers understand web application security - including how to quickly find and fix vulnerabilities in web applications.

Today more and more people are transacting business, conducting research, storing information, collaborating with co-workers, publishing personal thoughts, and fostering relationships using web applications. Because the bulk of processing occurs on servers accessed through remote web sites, a vulnerability in a web application could give an attacker control over the application and access to the server, database and other back-end resources. As a result, unfortunately, web applications are an attractive target for hackers, and vulnerabilities are now among the most prevalent of all server vulnerability disclosures. The new “WAS for Dummies” book provides information on how to scan for vulnerabilities to proactively keep data in web applications secure.

“WAS for Dummies” outlines the process in five parts:

  • Why Web Security Matters, providing a primer on the importance of web application security.
  • Establishing a Web Application Security Program, presenting a framework of actions you can take to find and fix vulnerabilities in custom web applications.
  • Using Automated Scanning to Test Web Applications. This section provides a guide to choosing and using a scanner to automatically find and prioritize web application vulnerabilities.
  • Introducing QualysGuard WAS, describing the ease and simplicity of using a popular web application scanner from Qualys.
  • Ten Tips for Securing Web Applications. This last section provides a short list of steps to ensure stronger security for custom web applications.

“WAS for Dummies” is Qualys’ fourth book in John Wiley & Sons’ for Dummies publications. To learn more about these publications or to download free copies, visit:

About the Author
Mike Shema, security research engineer at Qualys, is the co-author of Hacking Exposed: Web Applications, The Anti-Hacker Toolkit, and the author of Hack Notes: Web Application Security. He has extensive experience with information security, especially in the realm of web application security. He is currently developing tools that automate the web application audit process. His prior experience includes research and development at NT Objectives, Inc. and information security consulting at Foundstone and Booz Allen Hamilton.

He has taught at the Black Hat conferences in Las Vegas, Singapore, and Amsterdam, and continues to speak regularly at premier industry conferences and events around the world. He holds B.S. degrees in Electrical Engineering and French from Penn State University.

About Qualys

Qualys, Inc. is the leading provider of on demand IT security risk and compliance management solutions – delivered as a service. Qualys’ Software-as-a-Service solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate and continuous view of their security and compliance postures.

The QualysGuard® service is used today by more than 5,000 organizations in 85 countries, including 47 of the Fortune Global 100, and performs more than 500 million IP audits per year. Qualys has the largest vulnerability management deployment in the world at a Fortune Global 50 company, and has been recognized by leading industry analysts for its market leadership.

Qualys has established strategic agreements with leading managed service providers and consulting organizations including BT, Etisalat, Fujitsu, IBM, I(TS)2, LAC, NTT, SecureWorks, Symantec, Tata Communications and TELUS. Qualys is a founding member of the Cloud Security Alliance (CSA).

For more information, please visit


Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

For all other matters

Media Contact:
Tami Casey