Sophisticated web application security programs often require close coordination with application development, quality assurance and production support teams. For many organizations, production support teams create specialized processes to manage test data associated with web application vulnerability scanning. These organizations need tools to ensure that vulnerability scanning injects data with specific signatures or content so that they can identify and delete the data after testing is complete. They typically need multiple different signature sets to support concurrent testing by their different business units. In addition, these organizations need a way to track the execution time of vulnerability scans against previous scans, both because this provides more accurate estimates of scan duration and because it helps quickly identify slower-than-expected application response times. Qualys WAS 3.5 provides organizations with these capabilities to enable a best practices web application scanning program on all their web properties.
Feature highlights include: Support for creating and managing multiple sets of custom form parameters and enhancing the scan progress status information to include time estimate based on previous scan times. Together, these new features enable organizations to support high volume and fully automated web application scanning across their complete web application portfolio.