Cloud Platform
Contact us
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
  • Overview
  • Platform Apps

  • Qualys Endpoint Security

    Advanced endpoint threat protection, improved threat context, and alert prioritization

  • Context XDR

    Extend detection and response beyond the endpoint to the enterprise

Cloud Security

Free Qualys Security Scan Available for the New SANS Top 20

New Zero-Day and Client-Side Application Vulnerabilities Scan Available at

London - November 15, 2006 - Qualys, Inc., the leading provider of on demand vulnerability management and policy compliance solutions, today announced the availability of a free network scanning service to help companies find and eliminate vulnerabilities listed in the annual SANS Top 20 update for 2006 that was announced earlier today. The SANS Top 20 is designed by the SANS Institute and security experts from industry and government to provide organizations with a prioritized list of newly discovered exposures to their networks. Qualys’ free scan for the 2006 SANS Top 20 is available at

“Our list of the top 20 vulnerabilities does no good at all unless companies discover whether their computers can be compromised and fix the ones that have the vulnerabilities,” said Alan Paller, Director of Research, SANS. “I have been enormously appreciative of Qualys, both for helping to research the Top 20, and for making a free testing tool available that tells businesses and government agencies whether their systems are vulnerable to the Top 20.”

In addition to identifying vulnerabilities in Windows and UNIX categories, this year’s Top 20 demonstrated a shift from server-side to client-side vulnerabilities and includes categories for zero-day vulnerabilities and highlights the most important Microsoft Office and Web application exploitable vulnerabilities. These changes further reflect the increase in exploits for malicious or personal gain, such as targeting military and government contractor sites using phishing attacks. The full SANS report can be found at

“The SANS Top 20 list is an important tool in helping businesses prioritize their efforts to address security vulnerabilities,” said Amol Sarwate, manager of the Vulnerability Lab at Qualys and a contributing member to the SANS Top 20. “As a service to our customers and the security community as a whole, Qualys supports the SANS Institute and we are glad to share our research invulnerability management to help organizations address the increasing threats in client-side and application vulnerabilities and criminal-based attacks.”

Sarwate, along with other experts in the community, provided contributions to the development of the SANS Top 20 list and presented on the topics of client-side vulnerabilities and zero-day threats at the SANS Top 20 event in London on Wednesday.

According to the Top 20 list, the shift from server-side to client-side vulnerabilities continues to be an increasing trend, as are attacks by cyber criminals for financial gain. And, according to the SANS Institute, there has been a significant surge in the number of online criminals in Asian countries, as well as Eastern European initiated attacks. As a result, several banks have reported 400 to 500 percent increases in losses to cyber fraud from 2005 to 2006.

Qualys’ on demand model provides customers with immediate vulnerability updates, such as the Top-20 listing, without the need for installing software or building out additional infrastructure. In addition to the free scan, the QualysGuard® service detects new exposures in the SANS Top-20.

About Qualys

Qualys, Inc., the leader in on demand vulnerability management and policy compliance serves more than 2,200 enterprise subscribers around the world including 200 of the Forbes Global 2000. QualysGuard Software as a Service (SaaS) solutions help security managers effectively strengthen the security of their networks, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys’ cost effective on demand technology requires no capital outlay, infrastructure or maintenance and can be deployed in a matter of hours anywhere in the world. Qualys global customers include AXA, DuPont, eBay, ICI Ltd, Kaiser Permanente, Novartis, Oracle and many others. Qualys is headquartered in Redwood City, California, with business units in Europe and Asia. For more information, please visit


Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

Media Contact:
Tami Casey