Recent studies confirm that attackers are increasingly targeting web applications to breach the security defenses of organizations. The Verizon 2012 Data Breach Investigation report indicates that for large organizations, 54% of the hacking vectors for the investigated breaches were associated with web applications. The report adds that attackers are increasingly using hybrid attacks, with 61% of all breaches featuring a combination of hacking techniques and malware.
With this new release, organizations can discover and catalog web applications on a global scale, then identify and remediate web application vulnerabilities accurately and cost-effectively.

QualysGuard WAS 3.0 provides malware detection for web sites, using advanced behavioral analysis to identify even zero-day malware that may infect users. The service proactively scans web sites for malware, providing automated alerts and in-depth reporting to enable prompt identification and resolution of vulnerabilities.
Additionally, 3.0 introduces advanced scanning configurations and reporting enhancements, including a report creation wizard and scorecard reports based on asset groups or tags, making it easy for users to create and customize reports for the audience they are targeting.
"Saba provides cloud-based learning and talent management solutions to over 10.4 million subscribers all over the world, making security and compliance a top priority for us," said Randy Barr, chief security & information officer for Saba. "QualysGuard WAS automated scanning capabilities enable us to regularly discover and scan all of our web properties for vulnerabilities and remediate them in a timely manner. With expanded capabilities such as malware detection and integrations with attack tools, QualysGuard WAS 3.0 helps us better ensure security and compliance for our customers."
Lastly, attack proxies and integrated pen testing tools for scanning web applications complement automated scanning and can provide organizations with another perspective on vulnerabilities that may be present in web applications. QualysGuard WAS 3.0 enables organizations to integrate the scan results of attack proxies such as Burp Suite with its automated scans, presenting comprehensive reports of the results and giving organizations a complete view of vulnerabilities across their web applications.
“As web applications have become the front door through which we exchange information, having an up-to-date inventory of all web applications within an enterprise is a key step to secure corporate data; and automating this process is essential,” said Philippe Courtot, chairman and CEO for Qualys. “Bringing such automation to organizations, small and large, has been in effect the driving force behind our QualysGuard WAS 3.0 release. Altogether, these new capabilities make this new release a comprehensive and cost effective solution to help organizations keep up with the increasing demands of enterprise web application security.”
QualysGuard WAS 3.0 availability is targeted for the end of March 2013. It is sold as an annual subscription based on the number of web applications, and includes 24x7 support and full updates.







