Web application security on a new level
Qualys announced QualysGuard WAS 2.0, enabling organizations to leverage the power and scalability of the cloud to discover, catalogue and scan large numbers of web applications.
The new version also simplifies the complexity and reduces costs of web application scanning with an intuitive automated solution with an extremely low false positive rate and a rich dynamic user interface (UI) that simplifies the workflows for scanning and reporting.
Web application scanners have traditionally focused on identifying vulnerabilities, such as SQL injection, cross-site scripting (XSS) and other common security flaws while relying on complex configuration steps and manual testing.
Based on Qualys’ next generation SaaS platform, QualysGuard WAS 2.0 brings web application security to a new level with an easy-to-use service that includes unique capabilities – including accurate discovery and cataloging of web applications, identification of vulnerabilities and remediation paths, helping companies proactively secure their web applications.
QualysGuard WAS 2.0 provides:
Scalability and automation. Leverages the power of the cloud to discover, catalog and scan thousands of applications with a high degree of accuracy which ensures comprehensive coverage and increases productivity by reducing both the time required to discover and manage web applications and the effort needed to validate the vulnerabilities identified.
Ease of use. New fully interactive Web 2.0 UI simplifies web application risk management with clear workflows and reporting. A unified dashboard provides a comprehensive view of scans, results and reports. Centralized management also ensures an organized approach and leverages cooperation.
Comprehensive coverage of web application vulnerabilities. Supports scanning web applications that utilize JavaScript and embedded Flash. Identifies common web application vulnerabilities including OWASP Top Ten risks such as SQL injection, Cross-Site Scripting (XSS), URL redirection and Cross-Site Request Forgery (CSRF). Discovers web applications that disclose sensitive data, recommends secure coding practices and provides system administrators with secure configuration guidance.
Flexible management. Granular access management with customized user roles and asset tagging capabilities and flexible grouping to simplify reporting workflows and streamline remediation activities.