Download Book
Related Links
Discover, Catalog and Scan All Your Enterprise Applications
Built on Qualys’ new and powerful next generation SaaS platform, QualysGuard WAS 2.1 brings web application security to a new level using the power and scalability of the cloud to accurately discover, catalog and scan large numbers of web applications ensuring increased productivity and a high level of protection. WAS 2.1 identifies web application vulnerabilities in the OWASP Top Ten like SQL injection, cross site scripting (XSS) and URL redirection as well as emerging threats such as Slowloris. It also simplifies the complexity and reduces costs of web application scanning with an intuitive, easy-to-use automated solution with an extremely low false positive rate and a rich dynamic user interface (UI) with clear workflows for scanning and reporting.
QualysGuard WAS 2.1 Benefits
- Uses the power and scalability of the cloud to identify web application risks
- Discovers, catalogs and manages web applications to ensure comprehensive coverage
- Provides intuitive user interface and highly automated processes increasing productivity
- Offers unlimited application scanning that delivers the most cost effective solution
- Enables centralized management for an organized approach that leverages cooperation
QualysGuard WAS 2.1 Features
Unified Dashboard
The dashboard gives users a comprehensive view of scans, results and reports. The most recent information about completed scans, reports and identified vulnerabilities are all available.
Discover, Catalog and Scan Web Applications
Web application discovery and cataloging ensures comprehensive scanning coverage and application management. Discovery identifies web applications in the environment and adds to the catalog, enabling organizations to easily manage large numbers of web applications.
Interactive Reporting
Interactive reporting supports powerful analysis and secure distribution of scan results. Web application, scan and scorecard reports can be created, saved and scheduled to run on a recurring basis. The encrypted PDF support ensures secure and compatible distribution to stakeholders.
Authenticated Scanning
Given only a user name and password, the web crawler automatically identifies HTML form login page(s), and monitors the session state to ensure an authenticated scan remains authenticated throughout the crawl. Multiple authentication scanning methods are supported for each scan; including Form, HTTP Basic, NTLM and Digest.
Targeted Scan Profiles
Web application scans analyze the security of your web applications and identify detected vulnerabilities, sensitive content data and information gathered data. The test phase of WAS can use static or dynamic search lists to include targeted testing for vulnerabilities such as SQL injection, Cross-Site Scripting (XSS), source disclosure, and directory traversal.
Scan Options
There are a large number of scanning options available to ensure organizations are able to fine-tune the web application scanning. Option profiles can configure items such as maximum links to crawl, performance settings, brute force authentication attributes, detection scope, sensitive content settings as well as the search list that defines the vulnerabilities that are tested. Dynamic or static search lists can be created to target specific vulnerabilities or special classes of vulnerabilities like the OWASP Top 10. Web applications can also be configured to authenticate to servers and applications, to include or exclude testing of areas of the web application and specify the scanning device.
Subscription Options
|
|
| QualysGuard WAS is priced as a prepaid annual subscription based on the number of web applications (urls) scanned. |
1 YEAR SUBSCRIPTION (EXTERNAL + INTERNAL) |
| Enterprise Edition | |
|---|---|
| Maximum # of Users | Unlimited |
| Maximum # of Applications | Unlimited |
| Maximum # of Scanners | Unlimited |
| Maximum # of Scans/Crawls | Unlimited |
| QualysGuard XML APIs | Add. Fee |
| Express Edition | |
| Maximum # of Users Per Suite Account | 6 |
| Maximum # of Applications | 200 |
| Maximum # of Scanners | 2 |
| Maximum # of Scans/Crawls | Unlimited |
| QualysGuard XML APIs | Add. Fee |
| Also Includes | |
| 24x7x365 Email/Telephone Customer & Technical Support |
|
| Web-based Training & Regional Certification Workshops |
|
| Attendance to All Qualys User Conferences & Seminars |
|
QualysGuard WAS is also available as part of the QualysGuard Security & Compliance SaaS Suite.
Contact sales for an immediate price quote, or sign up for a 14 Day Trial.
Customers and Awards
Performing over 500 million IP audits per year, QualysGuard is the widest deployed security on demand solution in the world. Qualys is selected by thousands of large and small organizations around the world. See customer success stories >
QualysGuard is overwhelmingly recognized as the leader in its space. QualysGuard has won awards ranging from Best Vulnerability Management Solution, Best Security Product, Best Security Company, Best Network Protection Service and much more. See award details >
