Qualys Announces General Availability of QualysGuard Web Application Scanning (WAS) 2.0

LAS VEGAS, NV--(Marketwire - Aug 3, 2011) - BLACK HAT -- Qualys®, Inc., the leading provider of Software-as-a-Service (SaaS) IT security risk and compliance management solutions, today announced the general availability of QualysGuard WAS 2.0, enabling organizations to leverage the power and scalability of the cloud to discover, catalogue and scan large numbers of web applications. The new version also simplifies the complexity and reduces costs of web application scanning with an intuitive, easy-to-use automated solution with an extremely low false positive rate and a rich dynamic user interface (UI) that simplifies the workflows for scanning and reporting. QualysGuard WAS 2.0 has been in beta for the past six months and will be generally available for US customers on August 30, 2011. Qualys will showcase this solution at Black Hat USA 2011, booth #206.

Web application scanners have traditionally focused on identifying vulnerabilities, such as SQL injection, Cross-Site Scripting (XSS) and other common security flaws while relying on complex configuration steps and manual testing. Based on Qualys' new and powerful next generation SaaS platform, QualysGuard WAS 2.0 brings web application security to a new level with an easy-to-use, intuitive service that includes unique capabilities -- including accurate discovery and cataloging of web applications, identification of vulnerabilities and remediation paths, helping companies proactively secure their web applications.

"At Georgia Tech, it is important for us to build security into everything we do for our IT infrastructure. We use many web applications so it is important that we take measures to keep them secure," said Jason C. Belford, information security manager at Georgia Tech. "Being able to catalog and scan our web applications can help us proactively manage IT security across our web applications."

"Web application security is an important part of maintaining a rigorous, proactive security and compliance program to protect company data and assets. However, it is an increasingly complex problem due to the proliferation of web applications and constant attacks against web applications," said Charles Kolodgy, research vice president for security products at IDC. "To foster a high level of protection for web applications, enterprises need the tools that can accurately discover and catalog their web applications, identify vulnerabilities within those applications and provide remediation information."

QualysGuard WAS 2.0 provides:

• Scalability and Automation. Leverages the power of the cloud to discover, catalog and scan thousands of applications with a high degree of accuracy which ensures comprehensive coverage and increases productivity by reducing both the time required to discover and manage web applications and the effort needed to validate the vulnerabilities identified.
• Ease of use. New fully interactive Web 2.0 UI simplifies web application risk management with clear workflows and reporting. A unified dashboard provides a comprehensive view of scans, results and reports. Centralized management also ensures an organized approach and leverages cooperation.
• Comprehensive coverage of web application vulnerabilities. Supports scanning web applications that utilize JavaScript and embedded Flash. Identifies common web application vulnerabilities including OWASP Top Ten risks such as SQL injection, Cross-Site Scripting (XSS), URL redirection and Cross-Site Request Forgery (CSRF). Discovers web applications that disclose sensitive data, recommends secure coding practices and provides system administrators with secure configuration guidance.
• Flexible Management. Powerful granular access management with customized user roles adapt to meet the needs of any organization as well as asset tagging capabilities that enhances management of large numbers of web applications with flexible grouping to further simplify reporting workflows and streamline remediation activities.

"As companies continue to move their applications and processes into the cloud, web application security now has become a major target for cyber attacks," said Philippe Courtot, chairman and CEO for Qualys. "Automation is key to combat such advanced persistent threats. It starts with the ability to discover and analyze every web application no matter where they reside or where they are coming from. QualysGuard WAS 2.0 helps organizations address this challenge at a cost they can afford."

Pricing and Availability

QualysGuard WAS 2.0 is available on August 30, 2011 for US customers and will be available in October for EU customers. It is sold as annual subscriptions based on the number of web applications, and includes 24x7 support and full updates.

For more information, visit http://www.qualys.com/products/qg_suite/was/.

About Qualys
Qualys, Inc. is the leading provider of Software-as-a-Service (SaaS) IT security risk and compliance management solutions. Qualys solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate and continuous view of their security and compliance postures.

The QualysGuard® service is used today by more than 5,000 organizations in 85 countries, including 45 of the Fortune 100, and performs more than 500 million IP audits per year. Qualys has the largest vulnerability management deployment in the world at a leading global company, and has been recognized by leading industry analysts for its market leadership. Qualys was recently named Best Security Company in the Excellence Awards category of the 2011 SC Awards U.S.

Qualys has established strategic agreements with leading managed service providers and consulting organizations including BT, Etisalat, Fujitsu, IBM, I(TS)2, LAC, NTT, SecureWorks, Symantec, Tata Communications and TELUS. Qualys is a founding member of the Cloud Security Alliance (CSA).

For more information, please visit www.qualys.com.