Qualys WAS 4.1 New Features

There has been a lot of news about data breaches and organizations that have failed to enhance their security and subsequently fallen victim to hackers who have successfully exfiltrated large amounts of sensitive data. The 2014 Verizon Data Breach Investigation report shows that while web application attacks were involved in only 6% of incidents, they were associated with 35% of successful breaches. In fact, web applications attacks represented the single largest vector involved in the breaches reviewed in the report! It is clear that organizations need automated and scalable tools that improve how they discover, catalog and test web applications to ensure that security vulnerabilities are quickly identified and remediated. The report also indicates that while the majority of compromise and exfiltration activities happen within hours, most organizations only discover and contain web application attacks in days or weeks.

Qualys Web Application Scanning (WAS) 4.1 addresses this gap with tightly integrated virtual patching protection with the Qualys Web Application Firewall (WAF) solution to ensure that applications can be hardened against attack and compromise in a matter of minutes.

Feature highlights include: Integrated virtual patching with Qualys WAF service. Proxy support for internal appliances to ensure Qualys WAS can reach all the web applications in an organization’s environment, and provide customers with full logging capabilities at scale.

Qualys WAS 4.1 will be released in production in late April/early May with the exact date depending on the platform. Details about the release schedule are at the end of this blog post.

Integrated Detection/Protection

Integrated Virtual Patching: Qualys WAS 4.1 introduces integrated virtual patching with the Qualys WAF service. Customers who have subscribed to both Qualys WAS and WAF services for a web application will be able to enable WAF virtual patches to protect against vulnerabilities identified in WAS scans with just a few clicks. Qualys WAS/WAF tightly integrated virtual patching combines the detection of vulnerabilities and targeted protection of web applications in a way no other single platform can.

Virtual Patching

Scanning Enhancements

Proxy Support: Qualys WAS 4.1 introduces proxy support for internal scanning that enables organizations to direct scans into networks previously not accessible. Proxy support also enables customers to perform full HTTP logging in a flexible and scalable way across many web applications. Full logging provides customers with complete visibility on testing and can enhance scan troubleshooting, saving time and resources. Proxy support is a limited availability feature, so if you are interested in becoming an early adopter, please contact your TAM or support@qualys.com

Proxy Support

Support for Potential Vulnerabilities: You’ll see Potential Vulnerabilities with yellow severity – use the filters (on the left) to select the severity levels you want to include.

Potential Vulnerability Support

Enhanced Report Appendix

Reporting Enhancements

Download Datalists as Reports: Users no longer have to wait for Datalists to be created for download – now you can save a data list as a report, be notified when it is ready, and download it at any time it is convenient!

Datalist Download as Report

Notification that Datalist report is ready

Assign Owners to Report Template: Users can now assign owners to report templates – ensuring that all report templates have active users as owners.

Assign Owners to Report Templates

Web Application Enhancements

Find Detections with Fixed Status: Users can now quickly filter detections that have previously been fixed. This makes it quick and easy to review fixed vulnerabilities from the detections tab.

Find Detections with Fixed Status

User Interface Enhancements

New Get Started Tutorials: You’ll see our Get Started Tutorials as you navigate the WAS UI. They give you tips, best practices and shortcuts and will help you save time!

New Get Started Tutorials

Easy Access to Your Account Activity: Go to the new Account Activity log to see the most recent activity logs for your account. This gives you an easy way to identify unusual or unauthorized account access.

Easy Access to Your Account Activity