Attackers are increasingly exploiting web application vulnerabilities to breach security defenses. As the importance and number of web applications has increased, the challenge of identifying security vulnerabilities and fixing them has become one of scale. Many organizations have hundreds or even thousands of web properties that need to be triaged for security weaknesses, but until now the solutions available have not supported the scale required to automatically and accurately scan all the web properties that today’s enterprises rely on. Organizations need a highly scalable and easy-to-use vulnerability scanning solution to enable their growing web application security programs. Qualys WAS 3.4 provides organizations with the capabilities they need to meet these new demands and execute a best practices web application scanning program on all their web properties.
Feature highlights include: Support for scanning thousands of web applications with MultiScan, consolidated tag management within Asset View (formerly Asset Management), and additional usability enhancements. Together, these new features enable organizations to support high volume and fully automated web application scanning across their complete web application portfolio.
Web Application MultiScan
High Volume Scanning of Web Applications: Qualys WAS is the most scalable web application scanning solution available. So we’ve enhanced the ability to support large web application scanning programs by adding the ability to scan any number of web applications as a multi-site scan (aka MultiScan). The new capability takes advantage of Qualys’ asset tagging to enable users to easily categorize applications that may have similar attributes and scan them together with a MultiScan. If you haven’t tagged your applications, no problem – users can also pick and choose the applications they want to run in a MultiScan. The MultiScan capability gives users many options to accept defaults for the web application configuration or to override the defaults. This feature will enable organizations to perform ad-hoc or scheduled scans of hundreds or even thousands of web applications they may have in their enterprise with granular insight into what scans are running and which are complete.
Choose your applications – select individual apps or use tags
Select authentication, option profile, and scanner appliance settings
View the status of the MultiScan in the preview pane
View scan status details for all the scans within a MultiScan
Tag Management Consolidation in AV
Tag creation and management is now in Asset View (AV): Tags help you keep your web applications and other assets automatically organized. We’ve consolidated tag creation and management within the Asset View (formerly Asset Management) module to bring consistency to tag management. Tags will no longer be managed within WAS. Now you’ll use the AV module to create tags, edit them, assign tag properties, and delete them from your account.
Managing Tags in AV (formerly AM)
Tags applied to a Web Application in AV
Tags applied to the same web app in WAS
Web Application List Enhancements
Last Scan Date added to Web Applications list: Your web applications list now tells you when each of your web applications was last scanned.