Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Qualys Enhances Web Application Scanning Tool, Partners with MS-ISAC

Software-as-a-Service (SaaS) security solutions vendor Qualys, today announced updates to its QualysGuard Web Application Scanning suite, including the ability to integrate with Selenium, the open source tool that lets users to record their browser actions and save them as scripts that can then be replayed at a later time.

Software-as-a-Service (SaaS) security solutions vendor Qualys, today announced updates to its QualysGuard Web Application Scanning suite, including the ability to integrate with Selenium, the open source tool that lets users to record their browser actions and save them as scripts that can then be replayed at a later time.

Qualys WAS 2.1The integration with Selenium will help overcome some of the challenges of dynamic application security testing (DAST) for web applications that require complex authentication with a multi-step login processes.

“As financially-motivated attackers have shifted their focus to applications, Web application security has become a top priority. However, the responsibility for web application security cannot rest solely with information security,” said Neil MacDonald, vice president and Gartner fellow. “Enterprises should evaluate how to identify vulnerabilities in Web applications earlier in the development process as transparently as possible using web application security testing products or services.”

“While we now identify and eliminate vulnerabilities on network devices efficiently, this is not the case for web applications which have become the primary target of cyber attacks,” said Philippe Courtot, chairman and CEO for Qualys.

In addition to integrating with Selenium, QualysGuard WAS 2.1 added features including:

Client Certificate Support: Expanded support for client SSL certificates that are required by many high-risk web applications, providing the ability to upload client SSL certificates which canbe used by WAS to perform authenticated scanning.

Post Data Black List: Users can identify pages for which forms should not be submitted. This prevents the potential impact of posting the forms but allows the page view to be evaluated for security vulnerabilities.

Additional URL Support: WAS 2.1 expands coverage by enabling users to enter a list of links to be scanned that may not be linked to the initial URL.

Sold as an annual subscription, QualysGuard WAS 2.1 is available now in the U.S. and will be available in Europe on December 15th, 2011.

Advertisement. Scroll to continue reading.

In addition to the QualysGuard WAS updates, the company announced a new partnership with the Multi-State Information Sharing and Analysis Center (MS-ISAC) to provide local and state government agencies with IT security and compliance management solutions in the cloud to help them with vulnerability identification, mitigation, and managing regulatory compliance, while reducing costs and streamlining operations.

Under the agreement, the MS-ISAC, a division of the national not-for-profit Center for Internet Security, will offer the QualysGuard suite of services, including vulnerability management, policy compliance, web application scanning and PCI compliance to the nation’s state, local, territorial and tribal (SLTT) governments. The MS-ISAC will deliver the service through its operations center that provides network monitoring, early cyber threat warnings and advisories, vulnerability identification and mitigation and incident response for the nation’s SLTT governments.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Former DoD CISO Jack Wilmer has been named CEO of defensive and offensive cyber solutions provider SIXGEN.

Certificate lifecycle management firm Sectigo has hired Jason Scott as its CISO.

The State of Vermont has appointed John Toney as the state’s new CISO.

More People On The Move

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.