At RSA Conference 2013, Qualys has expanded its popular FreeScan service to support scanning internal and external systems and web applications and also added new security and compliance audits for Patch Tuesday vulnerabilities, OWASP threats and SCAP Configuration.


Delivered via the QualysGuard Cloud Platform, FreeScan is used by organizations all over the world to quickly test online whether their computers, networks, web sites, and web applications are at risk from the latest threats.

Qualys has expanded the service’s vulnerability scanning and configuration auditing to help organizations efficiently respond to software patches, test their own web applications and web sites, and check if they are in compliance with emerging security standards.

“Security teams are overwhelmed by barrage of advisories about vulnerabilities in critical software, such as Java, Flash and PDF Readers and escalating attacks on web-based applications,” said Ira Winkler, president of the Internet Security Advisors Group. “With FreeScan, organizations can now have an immediate and accurate view of their security and compliance postures without having to deploy complex and costly traditional enterprise software security solutions.”


Qualys FreeScan now integrates a variety of security and compliance scans into a single, uniform console:

• Patch Tuesday PC Audit. This scans PCs to find missing updates and patches from business software, such as Microsoft Windows, Oracle Java and Adobe Flash and Reader. It identifies which patches are required to address vulnerabilities that are found and provides links for downloading the necessary updates. After fixes have been installed, this scan can be run again to verify that computers are up-to-date.
• OWASP (Open Web Application Security Project) Web Application Audit. This tests web applications, either inside a company’s network or on the Internet, to see if they comply with the latest OWASP industry-standard guidelines for defending against online attacks such as SQL injection and cross-site scripting (XSS). It organizes any issues that are found according to the corresponding OWASP categories and helps application developers fix application weaknesses.
• SCAP (Security Content Automation Protocol) Compliance Audit. This tests computers within a company’s network to see if they comply with leading security configuration benchmarks, such as the U.S. Government Configuration Baseline (USGCB), which is required by many U.S. federal agencies and organizations that do business with the government.
• Web Site Scan for Vulnerabilities and Malware. This performs a comprehensive check of a company’s web site for server and application vulnerabilities, hidden malware and SSL security configuration errors.

Additionally, FreeScan now supports the deployment of virtual scanners for scanning internal systems and web applications.

“We are pleased to bring to market this free cloud-based service so security teams are better equipped to fend off the increasing and crippling cyber attacks on their organization,” said Philippe Courtot, chariman and CEO of Qualys.