Qualys, the leading provider of on demand IT security risk and compliance management solutions, announced the release of QualysGuard WAS 2.0, with several major enhancements to help customers catalogue their Web applications on a global scale, and scan them for vulnerabilities that can lead to exploitation.
The new release, delivered via the QualysGuard SaaS platform and its new Java-based backend, comes with a new Web 2.0 User Interface (UI) that raises the bar in terms of ease-of-use, flexible reporting and automation of scanning tasks.
“These new enhancements help further improve the levels of Web application security scanning and enhance the protection of users by rapidly identifying weak spots and facilitating the effective closing of any vulnerable areas,” says Alan Rehbock, sales and marketing director at Magix Security. Qualys recently appointed Magix Security as its value-added service (VAS) reseller in South Africa.
Major enhancements in QualysGuard WAS 2.0 include:
* Cataloguing and scanning of Web applications in the enterprise (Intranet, Internet) or in the cloud, including Amazon EC2 and VPC platforms (see related release);
* Fully interactive UI with flexible workflows and reporting
* Supports scanning HTML Web applications with JavaScript and embedded Flash
* Comprehensive detection of custom Web application vulnerabilities, including:
* OWASP Top 10 vulnerabilities: SQL injection, cross-site scripting (XSS), source disclosure, directory traversal
* Checks Web applications' handling of sensitive or secret data
* Reports on recommended secure coding practice and configuration
* Differentiates exploitable fault-injection problems from simple information disclosure
* Customisable scanning options:
* Customised crawling using Black/White lists and Robots.txt and Sitemap.xml files
* Supports common authentication schemes
* Performs brute force attack using predefined and custom password lists
* Profiles custom Web application behaviours
* Configures scanning performance with customisable performance level
Availability and pricing
QualysGuard WAS 2.0 will be available in beta to QualysGuard subscribers starting 1 April 2011. It will be sold as annual subscriptions based on number of Web applications, and includes 24x7 support and full updates.
Share
Qualys
Qualys is the leading provider of on demand IT security risk and compliance management solutions - delivered as a service. Qualys' software as a service solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate and continuous view of their security and compliance postures.
The QualysGuard service is used today by more than 5 000 organisations in 85 countries, including 45 of the Fortune Global 100, and performs more than 500 million IP audits per year. Qualys has the largest vulnerability management deployment in the world at a Fortune Global 50 company, and has been recognised by leading industry analysts for its market leadership.
Qualys has established strategic agreements with leading managed service providers and consulting organisations, including BT, Etisalat, Fujitsu, IBM, I(TS)2, LAC, NTT, SecureWorks, Symantec, Tata Communications and TELUS. Qualys is also a founding member of the Cloud Security Alliance (CSA). For more information, please visit www.qualys.com
Editorial contacts