Cloud Platform
Contact us
Try it
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
Cloud Security

See Resources

Web App Security Solutions: Web App Scanning | Web App Firewall | Malware Detection

Web applications live outside of the traditional network perimeter. If they're not properly secured, they offer hackers an attractive attack surface and a convenient entry point into your IT environment.

Due to poor development and testing practices, web apps are often plagued with security vulnerabilities and configuration gaps. When breached, web apps can expose massive amounts of confidential business data.

Boost web app security with Qualys’
cloud-based, integrated solutions

With Qualys, you automate web app security, shield web servers from hackers, rid your websites from malware and make the software development lifecycle more secure.

Qualys Web Application Scanning (WAS) crawls and tests custom web applications to identify vulnerabilities, while its extensive APIs let you integrate scan data with other security systems.

Qualys Web Application Firewall (WAF) blocks attacks on web server vulnerabilities, and lets you control where and when your applications are accessed.

Qualys Malware Detection (MD) proactively scans an organization’s customer-facing websites for infections, triggers automated alerts and generates detailed reports.

As part of the integrated security and compliance Enterprise TruRisk Platform, these three apps are hosted and maintained by Qualys, can be immediately deployed, operate continuously, scale globally and offer users centralized management.

WAS features Screenshot

WAS Features


WAS finds and catalogs all web apps in your network, including new and unknown ones, and gives you quick and comprehensive visibility of their vulnerabilities.


WAS' dynamic deep scanning covers all apps on your perimeter, internal networks, remote and mobile devices, and public cloud instances. Authenticated and complex scans are supported.


WAS offer highly customized reporting capabilities with a focus on OWASP’s Top 10 risks, while its unified, interactive dashboard gives you an at-a-glance view of your web app security.

WAF Features


WAF is tightly integrated with WAS, so you have a single, interactive console for web app vulnerability detection (WAS) and rapid protection from attacks (WAF).

Cloud Agility

With no special hardware to buy nor maintain, WAF can be quickly deployed for apps on public or private clouds, and scaled seamlessly as new apps are added.


WAF lets you create “virtual patch” rules in response to WAS findings, rapidly resolve false positives and customize security rules for your environment.

WAF Features Screenshot
Malware Detection Features Screenshot

MD Features

Scalable Scanning

Included with WAS but also available standalone, MD scans an organization's websites, and identifies, reports and removes infections, including zero-day threats via behavioral analysis.

Interactive Dashboard and Reports

A dashboard displays scan activity, like infected pages and trends, and remediation can be started from its interface. Reports can be mined for granular details and securely distributed.

Centralized Management

MD lets you create multiple user-defined roles with different permission levels, while tags let you categorize assets by criteria such as organizational groups and geography.

See our subscription options

Free Trial