Yes. Once you have created your account and entered your website domain, you are given a snippet of HTML code that you embed on your site. Qualys SECURE Seal will analyze your website from our servers in the cloud with no need for any software to be installed on your web server.
The Qualys SECURE Seal is simple to install. After purchasing and signing up, you receive a snippet of HTML that you embed on your site. The Qualys SECURE Seal trustmark will automatically be displayed on your site after your sites passes a Qualys SECURE Seal scan consisting of the following:
No. Do not modify the Qualys SECURE Seal trustmark in any way. See the SECURE Seal Usage Guidelines for details on displaying the trustmark. This document outlines the seal specifications and display requirements (sizing and clear space).
Please see the SECURE Seal Usage Guidelines document for information about displaying the seal on your website.
Qualys will automatically scan you site on a recurring basis:
You may also scan your site “on-demand” at any time.
If Qualys SECURE Seal indentifies an issue during a scan, you are sent an email notification. The email directs you to login to the Qualys SECURE Seal portal to review and fix the security issues(s) identified by the scan.
The Qualys SECURE Seal trustmark is only displayed by merchants who remediate discovered malware and critical vulnerabilities from their website within the specified grace period of 72 hours. Should the issues(s) remain unresolved beyond 72 hours, the Qualys SECURE Seal trustmark will be revoked and no longer displayed until the problems have been resolved. You may re-scan your site at any time via the Qualys SECURE Seal portal.
Qualys SECURE Seal indentifies malware and vulnerabilities when the scan is conducted. The Qualys SECURE Seal will be removed if security issues, including but not limited to the following, are detected:
Your website will fail our security tests if you have added a list of blacklisted resources for your website. The finding will report a list of the blacklisted resources which were defined for the website at the time of the scan. Important: When there are blacklisted resources, all SECURE Seal scans will fail and the seal will not be displayed on your website. To display the seal you must follow these steps: 1) Go to the website details, 2) Click "Edit WAS Scan Options" under Actions and remove all of the site's blacklisted resources, and 3) Launch a SECURE Seal scan. You can wait for the next scheduled scan or click “Scan Now” to start the scan right away. If there are pages that you believe should not be included in the Seal Scan, please select “Request Exception” in the management portal.
Yes. Qualys provides links to fixes or workarounds from scan results to help network administrators remedy vulnerabilities. Our Security Engineers have validated each solution in our vulnerability lab to ensure that they function as specified for the appropriate operating system.
All Seal scans are run from the cloud and examine only internet facing websites. Seal uses the URL of the website to identify the target. There are no configuration options for Seal scans in contrast to both VM and WAS scans which both have a wide range of configuration options.
The Seal VM scan begins with TCP and UDP host discovery using the “Standard Scan” configuration in VM, which examines approximately 1900 TCP ports and 180 UDP ports. Once the port discovery is completed a complete vulnerability scan is conducted. The scan is done intelligently, meaning that the discovery results and ongoing scan results will guide the subsequent scans. For example, it the scans show that the Web Server is a Microsoft IIS Server then the vulnerability scan will not launch checks against a Linux web server.
Seal WAS scans cover a subset of the full WAS scans, returning results for the most critical vulnerabilities.
You have encountered a form on your website that is designed to send emails. When the service is scanning for web application vulnerabilities, the web crawler exercises these forms. In order to prevent the emails from being sent, you will need to update your website's source code. This can be done as follows:
The SECURE Seal service needs to run security tests on all forms it encounters on a website to be sure all forms are not susceptible to SQL injection, Cross-Site Scripting (XSS), or other security issues.
When you added your website, if you selected the option "Let Qualys Choose Each Time" the service selects an IP address each time you run a SECURE Seal scan based on the network information available at the time of the scan. It's possible that your scans target different IP addresses when you run your scans. In this case the perimeter findings and the certificate findings may be different and this may cause your SECURE Seal scans to fail.
If malware is detected on your website there are many ways that it can be hiding in your source code. Please carefully review the malware details provided by the Malware Detection Service.
The ideal way to remove malware is to use a known, clean backup to restore your site. You need to be certain that the backup is clean and no changes have been made to the site since the backup.
To remove malicious code, remove the suspicious block of script identified by the service in the malware details. You can look at malware details per web page in the malware scan details. Alternatively you can look at malware details by Qualys ID [QID] in the malware findings section and once you verify that the block of script doesn’t belong, that section should be removed.
These are additional ways you can identify malware within an affected web page:
Once you have cleaned up your website, please rescan using the SECURE Seal service to verify the malicious content is gone (see Remediation). Important Note: While fixing your website code cleans up the website, it probably doesn't close the hole that allowed the content to get there in the first place. Please ensure your machines are fully patched and any vulnerabilities identified in the SECURE Seal VM and WAS scans are remediated.
in the upper right of the management portal, under the “Welcome (your name)” drop down is a selection to change your password. Simply enter your current password and the new password [twice].
Yes. The scan data will be used in aggregate with other scans to improve the accuracy of the scanning service and to identify new threats and trends across the internet. The scan data is securely stored and handled. All use of the data is fully anonymized and can’t be tracked to any specific IP address or website, so there is no danger of information about your website ever being disclosed.