The partnership combines the automated testing of QualysGuard Web Application Scanning (WAS) with iViZ Penetration Testing Technology, coupled with manual testing to provide organizations with scalable solutions to protect web sites and web applications against possible attacks. The iViZ service will provide a Zero False Positive Guarantee and Business Logic Testing covering 100% of the Web Application Security Consortium (WASC) classes.
The solution addresses the significant shortage of trained security professionals that organizations need to hire and retain to secure their web applications. Automated scanning with false positive removal and Business Logic Testing will help organizations scale security testing without hiring additional people.
Organizations are increasingly using web applications to work and conduct business online and often store critical business and customer data in their web applications. However, these applications are often built using multiple technologies without security in mind, leaving them vulnerable to attack. As a result, organizations need a comprehensive web application strategy to protect against possible attacks.
“As web applications have become a focus for attackers, web application security has become a priority for enterprises,” said Charles Kolodgy, research vice president for IDC’s security products. “But scanning and remediating web application vulnerabilities is challenging because of their complexity and the sheer number of custom web applications. Automated web application scanning combined with manual testing can help organizations identify and validate exploitable vulnerabilities. With this knowledge organizations can pinpoint exactly what needs to be remediated.”
With the new partnership, iViZ will use QualysGuard WAS to perform automated web application scans, accurately cataloging and discovering web application vulnerabilities for their clients. Then iViZ will use its Penetration Testing technologies, combined with manual validation of the findings, and perform business logic testing to deliver comprehensive web application testing, helping customers remediate any issues. Reports will be delivered to customers through the iViZ secure web portal, including an executive summary of the results and scope of testing with full details.
“Consultant-based penetration testing is not just costly, but is also impossible to scale since there aren’t enough humans on earth to test the 600 million online websites. The strategic partnership of Qualys and iViZ aims to solve this big problem by providing a high quality, scalable and affordable cloud-based offering to secure and remediate web applications globally,” said Bikash Barai, CEO and co-founder of iViZ Security.
“Web applications have become the primary target of cyber attacks and present a difficult challenge for organizations due to the cost and complexity required to secure and protect them,” said Philippe Courtot, chairman and CEO for Qualys. “Using QualysGuard WAS to quickly and easily scan web applications along with the penetration testing services from iViZ provides organizations with a comprehensive solution for finding and remediating security vulnerabilities at a cost they can afford.”

