Qualys FreeScan service expanded with vulnerability scanning and configuration auditing
Posted on 26 February 2013.
At RSA Conference 2013, Qualys has expanded its popular FreeScan service to support scanning internal and external systems and web applications and also added new security and compliance audits for Patch Tuesday vulnerabilities, OWASP threats and SCAP Configuration.


Delivered via the QualysGuard Cloud Platform, FreeScan is used by organizations all over the world to quickly test online whether their computers, networks, web sites, and web applications are at risk from the latest threats.

Qualys has expanded the service’s vulnerability scanning and configuration auditing to help organizations efficiently respond to software patches, test their own web applications and web sites, and check if they are in compliance with emerging security standards.

“Security teams are overwhelmed by barrage of advisories about vulnerabilities in critical software, such as Java, Flash and PDF Readers and escalating attacks on web-based applications,” said Ira Winkler, president of the Internet Security Advisors Group. “With FreeScan, organizations can now have an immediate and accurate view of their security and compliance postures without having to deploy complex and costly traditional enterprise software security solutions.”


Qualys FreeScan now integrates a variety of security and compliance scans into a single, uniform console:
  • Patch Tuesday PC Audit. This scans PCs to find missing updates and patches from business software, such as Microsoft Windows, Oracle Java and Adobe Flash and Reader. It identifies which patches are required to address vulnerabilities that are found and provides links for downloading the necessary updates. After fixes have been installed, this scan can be run again to verify that computers are up-to-date.
  • OWASP (Open Web Application Security Project) Web Application Audit. This tests web applications, either inside a company’s network or on the Internet, to see if they comply with the latest OWASP industry-standard guidelines for defending against online attacks such as SQL injection and cross-site scripting (XSS). It organizes any issues that are found according to the corresponding OWASP categories and helps application developers fix application weaknesses.
  • SCAP (Security Content Automation Protocol) Compliance Audit. This tests computers within a company’s network to see if they comply with leading security configuration benchmarks, such as the U.S. Government Configuration Baseline (USGCB), which is required by many U.S. federal agencies and organizations that do business with the government.
  • Web Site Scan for Vulnerabilities and Malware. This performs a comprehensive check of a company’s web site for server and application vulnerabilities, hidden malware and SSL security configuration errors.
Additionally, FreeScan now supports the deployment of virtual scanners for scanning internal systems and web applications.

“We are pleased to bring to market this free cloud-based service so security teams are better equipped to fend off the increasing and crippling cyber attacks on their organization,” said Philippe Courtot, chariman and CEO of Qualys.





Spotlight

The context-aware security lifecycle and the cloud

Posted on 25 November 2014.  |  Ofer Wolf, CEO at Sentrix, explains the role of the context-aware security lifecycle and illustrates how the cloud is shaping the modern security architecture.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Nov 26th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //