Qualys Announces Web Application Scanning (WAS) 3.0
QualysGuard WAS 3.0 Adds Malware Detection, Integration with Burp Suite, Advanced Scanning Configurations and Reporting Enhancements
SAN FRANCISCO, Calif. – RSA Conference USA 2013 Booth #1431, February 25, 2013 – Qualys, Inc., (NASDAQ: QLYS), a leading provider of cloud security and compliance solutions, today announced QualysGuard® WAS 3.0, adding malware detection and attack proxy support to provide customers and consultants with comprehensive web application security testing.
Recent studies confirm that attackers are increasingly targeting web applications to breach the security defenses of organizations. The Verizon 2012 Data Breach Investigation report indicates that for large organizations, 54 percent of the hacking vectors for the investigated breaches were associated with web applications. The report adds that attackers are increasingly using hybrid attacks, with 61 percent of all breaches featuring a combination of hacking techniques and malware.
A new case study with Microsoft describes how their Information Security & Risk Management (ISRM) Team uses QualysGuard WAS to evaluate the security of its hundreds of web applications coming online through its subsidiaries every year. In the case study, Ahmad Mahdi, ISRM manager at Microsoft, stated, “We needed a comprehensive way to evaluate the security of these applications with speed and accuracy…Thanks largely to QualysGuard WAS, we now have a process that ensures applications meet a specific and very important security threshold.”
With QualysGuard WAS 3.0, organizations can discover and catalog web applications on a global scale, then identify and remediate web applications vulnerabilities accurately and cost-effectively. QualysGuard WAS 3.0 provides malware detection for web sites, using advanced behavioral analysis to identify even zero-day malware that may infect users. The service proactively scans web sites for malware, providing automated alerts and in-depth reporting to enable prompt identification and resolution of vulnerabilities.
Additionally, 3.0 introduces advanced scanning configurations and reporting enhancements including report creation wizard and scorecard reports based on asset groups or tags, making it easy for users to create and customize reports for the audience they are targeting.
"Saba provides cloud-based learning and talent management solutions to over 10.4 million subscribers all over the world, making security and compliance a top priority for us," said Randy Barr, chief security & Information officer for Saba. "QualysGuard WAS automated scanning capabilities enable us to regularly discover and scan all of our web properties for vulnerabilities and remediate them in a timely manner. With expanded capabilities such as malware detection and integrations with attack tools, QualysGuard WAS 3.0 helps us better ensure security and compliance for our customers."
Lastly, attack proxies and integrated pen testing tools for scanning web applications compliment automated scanning and can provide organizations with another perspective on vulnerabilities that may be present in web applications. QualysGuard WAS 3.0 enables organizations to integrate the scan results of attack proxies such as Burp Suite with its automated scans, presenting comprehensive reports of the results, giving organizations a complete view of vulnerabilities across their web applications.
“As web applications have become the front door through which we exchange information, having an up-to-date inventory of all web applications within an enterprise is a key step to secure corporate data; and automating this process is essential,” said Philippe Courtot, chairman and CEO for Qualys. “Bringing such automation to organizations, small and large, has been in effect the driving force behind our QualysGuard WAS 3.0 release. Altogether, these new capabilities make this new release a comprehensive and cost effective solution to help organizations keep up with the increasing demands of enterprise web application security.”
Pricing and Availability
QualysGuard WAS 3.0 availability is targeted for the end of March 2013. It is sold as an annual subscription based on the number of web applications, starting at $1,995 per year, and includes 24x7 support and full updates.
For more information about QualysGuard WAS, please visit: https://www.qualys.com/was3.0.
To read the full case study on Microsoft’s use of QualysGuard WAS, visit: https://www.qualys.com/customers/microsoft.
Qualys, Inc. (NASDAQ: QLYS), is a pioneer and leading provider of cloud security and compliance solutions with over 6,000 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The QualysGuard Cloud Platform and integrated suite of solutions helps organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations, including Accuvant, BT, Dell SecureWorks, Fujitsu, NTT, Symantec, Verizon, and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).
Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.