Web Application Scanning Datasheet

Qualys Web Application Scanning (WAS) is a cloud-based service that scans web applications to identify vulnerabilities like cross-site scripting and SQL injection. It provides comprehensive discovery of web apps, deep scanning capabilities, and integration with Qualys Web Application Firewall for vulnerability remediation. WAS helps secure development pipelines and provides visibility of web app security status.


WAS

Web Application Scanning


Find, fix security holes in web apps, APIs.

Qualys Web Application Scanning (WAS) is a cloud-based service that provides automated crawling and testing of custom web applications to identify vulnerabilities including cross-site scripting (XSS) and SQL injection. The automated service enables regular testing that produces consistent results, reduces false positives, and easily scales to cover thousands of websites. Qualys WAS is bundled with additional scanning technology to proactively monitor websites for malware infections, sending alerts to website owners to help prevent blacklisting and brand reputation damage.

Built on the world’s leading cloud-based security and compliance platform, Qualys WAS frees you from the substantial cost, resource and deployment issues associated with traditional software products. Known for its fast deployment, ease of use, and unparalleled scalability -- scanning thousands of web applications per week -- Qualys WAS gives organizations the ease of use, centralized management and integration capabilities they need to keep attackers at bay and their web applications secure.

Key Features

Comprehensive discovery

WAS finds and catalogs all web apps in your network, including new and unknown ones, and scales from a handful of apps to thousands. With Qualys WAS, you can tag your applications with your own labels and then use those labels to control reporting and limit access to scan data.

Deep scanning

WAS' dynamic deep scanning covers all apps and APIs on your perimeter, internal networks, and public cloud instances, and gives you instant visibility of vulnerabilities like SQLi and XSS. Authenticated, complex and progressive scans are supported. With programmatic scanning of SOAP and REST API services, WAS tests IoT services and mobile app backends.

DevSecOps tool

WAS can insert security into application development and deployment in DevSecOps environments. With WAS, you detect code security issues early and often, test for quality assurance and generate comprehensive reports. With a robust API and a native plugin for Jenkins, Qualys WAS provides everything you need to automate scanning in your CI/CD environment.

Malware detection

WAS scans an organization's websites, and identifies and alerts you to infections, including zero-day threats via behavioral analysis. Detailed malware infection reports accompany infected code for remediation. A central dashboard displays scan activity, infected pages and malware infection trends, and lets users initiate actions directly from its interface.

Qualys WAS provides complete, accurate, and scalable web security and enables organizations to assess, track, and remediate web application vulnerabilities. Its capabilities are powered by the Qualys Cloud Platform.

Benefits

Comprehensive protection

Qualys WAS’ native integration with Qualys Web App Firewall (WAF) provides for one-click virtual patching of identified vulnerabilities.

Clarity and control

A single interface lets you identify, manage and fix all web app vulnerabilities and misconfigurations.

App dev hygiene

Integrates with the software development lifecycle allowing scans at any time by developers, QA and security teams, as well as automating scans in DevOps and CI/CD pipelines.

Broad threat coverage

Detect, identify, assess, track and remediate OWASP Top 10 risks, WASC threats, CWE weaknesses, and web-based CVEs.

“We found Qualys ideal for our need to assess thousands of websites with limited resources.”
Infrastructure Security Team Manager at Microsoft

Find and catalog all your web apps

Web apps, often plagued by vulnerabilities and misconfigurations due to poor coding and faulty testing, can be put on your network by almost anyone. Large organizations have hundreds, even thousands of them. Qualys WAS gives you visibility and control by finding official and “unofficial” apps throughout your environment, and letting you categorize them.

Find approved and unapproved web apps in your network with continuous, comprehensive application discovery and cataloging

Organize your data and reports using your own labels with customizable web app asset tagging

Perform deep, exhaustive application scans at scale

Unsafe web applications offer hackers an attractive attack surface and convenient entry point into your IT environment. When breached, web apps can expose massive amounts of confidential business data. Qualys WAS protects you with incisive, thorough, precise scans, scaling up to thousands of web apps and with negligible false positives.

Secure very large web apps with progressive scanning, which lets you scan in incremental stages and bypass restrictions preventing you from scanning an app in one pass

Detect OWASP Top 10 risks such as SQL injection, cross-site scripting (XSS), XML External Entities (XXE), broken authentication, and misconfigurations

Test IoT services and mobile apps as well as API-based business-to-business connectors, with Qualys WAS’ SOAP and REST API scanning capabilities

Test like a real user with authenticated scanning, including advanced scans using Selenium, the open source browser automation system for web app testing

Set scans’ exact start time and duration with MultiScan

Complete scans more efficiently -- less idle time and greater coverage -- with automatic load-balancing of multiple application scans across a pool of scanner appliances

Rid your websites and apps of malware -- including the type that eludes anti-virus software, which Qualys WAS removes using behavioral analysis -- and trigger alerts

Consolidate automated scan data from WAS with data from manual testing approaches - via integrations with Burp Suite and Bugcrowd - to get a complete view of your web app vulnerabilities

Prioritize remediation and focus on the most critical flaws

Visualize and document your web app security status with actionable data

As organizations retool and expand the reach of their web apps to pursue digital transformation innovations, Qualys WAS’ interactive reporting capabilities give you the big picture of your web app security posture and let you drill down into details.

Take your results from data to insights to action in minutes by performing powerful analyses of your scans across many applications at once

Tailor how the results are presented to different audiences with customized report templates

Get a comprehensive view of scans, reports and vulnerabilities on a single screen with Qualys WAS’ central dashboard

Boost agile, continuous app development and deployment in DevSecOps environments by catching code and configuration errors early and often, while iteratively building, testing and launching software

Rapidly harden web apps with integrated WAF

Qualys offers unparalleled web app security with the seamless integration of Qualys WAS and Qualys Web Application Firewall (WAF) 2.0, which gives you one-click patching of web apps, including mobile apps and IoT services.

From a single console, you can detect web application vulnerabilities with WAS, and rapidly protect them from attack with WAF for true, integrated web application security

Avoid the redundancies and gaps that come with trying to glue together separate, siloed solutions, as the Qualys Cloud Platform keeps everything in sync

Integrate web app scan data via a rich, extensive set of APIs into other security and compliance systems, such as firewalls, and SIEM and ERM solutions

Powered by the Qualys Cloud Platform
– the revolutionary architecture that powers Qualys’ IT security and compliance cloud apps

Sensors that provide continuous visibility

On-premises, at endpoints or in the cloud, the Qualys Cloud Platform sensors are always on, giving you continuous 2-second visibility of all your IT assets. Remotely deployable, centrally managed and self-updating, the sensors come as physical or virtual appliances, or lightweight agents.

Respond to threats immediately

With Qualys’ Cloud Agent technology, there’s no need to schedule scan windows or manage credentials for scanning. And Qualys Continuous Monitoring service lets you proactively address potential threats whenever new vulnerabilities appear, with real-time alerts to notify you immediately.

All data analyzed in real time

Qualys Cloud Platform provides an end-to-end solution, allowing you to avoid the cost and complexities that come with managing multiple security vendors. The Qualys Cloud Platform automatically gathers and analyzes security and compliance data in a scalable, state-of-the-art backend, and provisioning additional cloud apps is as easy as checking a box.

See the results in one place, anytime, anywhere

Qualys Cloud Platform is accessible directly in the browser, no plugins necessary. With an intuitive, single-pane-of-glass user interface for all its apps, it lets you customize dashboards, drill down into details, and generate reports for teammates and auditors.

Cloud Platform Apps


Qualys apps are fully integrated and natively share the data they collect for real-time
analysis and correlation. Provisioning another app is as easy as checking a box.

ASSET MANAGEMENT
AI Asset Inventory
SYN CMDB Sync

WEB APP SECURITY
WAS Web App Scanning
WAF Web App Firewall

CLOUD SECURITY
CI Cloud Inventory
CSA Cloud Security Assessment

IT SECURITY
VM Vulnerability Management
TP Threat Protection
CM Continuous Monitoring
IOC Indication of Compromise
CS Container Security

COMPLIANCE MONITORING
PC Policy Compliance
SCA Security Configuration Assessment
PCI PCI Compliance
FIM File Integrity Monitoring
SAQ Security Assessment Questionnaire

CERTIFICATE SECURITY
CRI Certificate Inventory
CRA Certificate Assessment

Request a full trial (unlimited-scope) at qualys.com/trial

Qualys is easy to implement, easy to use, fully scalable – and requires NO infrastructure or software to maintain.

© 2018 Qualys, Inc. All rights reserved. 1/18
