Web Application Security via the Cloud

Scale and Cut Costs

Scale seamlessly from a handful of apps to thousands

Cloud automation, no hardware to deploy

Fast setup, always up-to-date

No specialized expertise required

Identify OWASP Top 10 Risks

Accurately find OWASP vulnerabilities and learn how to eliminate them

Scan for SQL Injection, XSS, CSRF, URL redirection, etc.

Qualys is a Premier Corporate Member of OWASP

Find Hidden Malware

Automatically find and eradicate malware infections on your websites

Continuously monitor your websites for new infections with regularly scheduled scans and email alerts

Protect With Qualys WAF

Find vulnerabilities with WAS, then mitigate with WAF from the same place

Block direct access to app servers

Add security without modifying apps

We found Qualys WAS ideal for our need to assess thousands of websites with limited resources.

Read Microsoft Success Story: Reining in Global Web Application Security Risk

Qualys Web Application Scanning

Qualys Web Application Scanning (WAS) is a cloud service that provides automated crawling and testing of custom web applications to identify vulnerabilities including cross-site scripting (XSS) and SQL injection. The automated service enables regular testing that produces consistent results, reduces false positives, and easily scales to secure a large number of websites. It also proactively scans websites for malware infections, sending alerts to website owners to help prevent blacklisting and brand reputation damage.

Why Qualys WAS?

Built on the world’s leading Cloud security and compliance platform, Qualys WAS frees you from the substantial cost, resource and deployment issues associated with traditional software products. Known for its fast deployment, ease of use, and unparalleled scalability (scan thousands of web applications), Qualys WAS is relied upon by leading companies around the world.

WAS Features


Global Scalability and Manageability.

As part of the award-winning Qualys Cloud Platform, Qualys WAS helps you truly reduce risk by automatically finding the official and “unofficial” apps that may be hiding in your environment.

  • Immediate deployment — no hardware to set up, always up-to-date
  • Global scalability — add more apps anytime, throughout the world
  • Multiple, unified solutions — one console for WAS, WAF, VM and more
  • Centralized management — apply policies consistently across apps
  • XML APIs — publish data to other enterprise systems (e.g., SIEM)


Automated, Dynamic Deep Scanning.

Application Discovery and Cataloging
Find new and unknown web apps in your network

Web applications can be put onto your network by almost anyone in your organization – and can just as easily be forgotten (large organizations can have hundreds or even thousands of apps). Qualys WAS helps you truly reduce risk by automatically finding the official and “unofficial” apps that may be hiding in your environment.

Customizable Asset Tagging
Organize your data and reports with your own labels

As the number of web apps in your organization grows, keeping them organized is critical to proper security. With Qualys WAS, you can tag your applications with your own labels and then use those labels to control reporting and limit access to scan data.


Scan applications everywhere (perimeter, internal networks and Amazon EC2) accurately and efficiently.

Scalable, High-Accuracy Progressive Scanning
Save time, keep focused on what matters most.

Qualys WAS is designed to reliably find true vulnerabilities without wasting your time with false findings. You can detect OWASP Top 10 risks such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF) and URL redirection – then prioritize them and focus on the issues that will have the most impact. Scans automatically update vulnerability statuses to provide you with key information about what issues are new, ongoing and fixed. And with the new Progressive Scanning option, you will get even better coverage over multiple scans and enable continuous testing of your web applications.

Authenticated Scanning
Automatically log in to test like a real user.

Simply specify a username and password; Qualys WAS automatically identifies login forms and authenticates so that scans operate as if they were real users. Multiple web app authentication methods (including Form, HTTP Basic, NTLM and Digest) provide compatibility with a wide range of applications. For advanced authentication, login actions can be recorded and played back through Selenium, the open source browser automation system that is widely used for web app functional testing.

MultiScan, Scheduled & On-Demand Scanning
Scalable scans scheduled for exactly when you want them.

With MultiScan you can run hundreds to thousands of scans with a few clicks. You can start scans immediately or schedule them to run at some time in the future. You can even control how long scans are allowed to run so that they fit into allotted maintenance times.

Malware Detection
Find hidden malware before it attacks your users.

Protect your organization’s reputation and your users’ security by rooting out malicious code and content that’s been hidden in your website or applications. Advanced behavioral analysis helps identify even zero-day malware that eludes anti-virus and anti-spyware packages.

Incorporate Penetration Testing Data
Keep web app testing data in one place.

Store your web app testing data in one place, whether it’s from manual penetration testing tools such as Burp Suite or Qualys automated scans. Avoid reinventing your manual tests and get a complete view of vulnerabilities across your applications.


Identify the highest business risks and take action.

Industry Standard Reporting (OWASP)
Zero in on OWASP Top 10 Risks.

The Open Web Application Security Project (OWASP) Top 10 list has become the industry standard for categorizing the most critical risks faced by web apps. Qualys WAS enables you to accurately find these vulnerabilities – including SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF) and URL redirection – and learn how to efficiently eliminate them. Qualys is a Premier Corporate Member of OWASP.

Highly-Customized Reporting
Get the big picture and drill into the details.

Take your scan results from data to insights to action in minutes. With Qualys WAS’s highly-customizable, interactive reporting, you can perform powerful analyses of your scans across many applications at once and tailor how the results are presented to different audiences with customized report templates.

Unified, Interactive Dashboard
Understand the security of your apps at a glance.

See a comprehensive view of completed scans, reports and identified vulnerabilities on a single screen. With Qualys WAS, you can scan applications anywhere – inside your network, hosted on the Internet, or based in the Cloud – and manage the results together.


Rapidly harden web apps with integrated WAF.

Complete Web Security with WAF Integration
Detect with WAS, protect with WAF.

Qualys WAF works together with Qualys Web Application Scanning (WAS) to provide true, integrated web application security. From a single console, you can detect application vulnerabilities with WAS and then rapidly protect them from attack with WAF, even at global scale. The Qualys Cloud Platform keeps everything in sync, avoiding the redundancies and gaps that come with trying to glue together separate, siloed solutions.

Extensive APIs
Integrate scan data into other security systems.

A rich set of APIs lets you use the results of your web application scans as a source of valuable information for your other security and compliance systems. Use Qualys WAS with web application firewalls (WAF), security information and event management (SIEM) and enterprise risk management (ERM) solutions.

Qualys Cloud Platform & Integrated Suite of Security & Compliance Applications

There’s nothing to install or maintain. Grow with your business!

  • AssetView: Search millions of IT assets in seconds, wherever they reside.
  • Vulnerability Management: Recognized as the market leader in vulnerability management.
  • Continuous Monitoring: Always-on, automated monitoring of your global network.
  • ThreatPROTECT: Quickly visualize and prioritize security threats at a glance. Take action on the threats that matter most.
  • Web Application Scanning: Discover, catalog and scan all of your web apps for vulnerabilities and website misconfigurations.
  • Web Application Firewall: Continuously stop web attacks and prevent data breaches on your applications.
  • Malware Detection: Protect your online customers from malware infections and safeguard your brand.
  • Secure Seal: The most comprehensive website security seal on the Internet.
  • Policy Compliance: Pass security audits and document compliance to both internal and external auditors.
  • Security Assessment Questionnaire: Assess business risk with automated campaigns.
  • PCI Compliance: A quick, cost-effective way to achieve PCI Compliance by yourself. Qualys is an Approved Scanning Vendor.