It’s important to customize your web application scans just as much as your web applications. We get that. With Qualys WAS 4.3, organizations now have the ability to easily further customize their scans based upon their web apps and specific properties thereof. Customers can also now received clearer and enhanced feedback on the behavior and coverage of their scans. This will also allow customers to continue to deliver targeted web application security metrics to all the stakeholders while ensuring a successful web application security program meets the protection of all organizational demands.
It is no surprise that web application attacks are the highest frequency breach incident classification based on the findings in the 2014 Verizon Data Breach Investigation Report (DBIR). This information just confirms what most organizations are already seeing – that there has been a dramatic increase in the number and scope of web application attacks against web properties that are the critical revenue generating assets of the business. To combat the increase in the intensity of attacks, organizations need to improve their ability to identify web application vulnerabilities before they can be exploited. Organizations need a way to easily and cost effectively discover and scan all the web application in their environments so they can find and fix security vulnerabilities before they cause legal and financial impact. Organizations need automated and scalable tools that improve the coverage and flexibility of web application vulnerability scanning, while adding more powerful reporting features to ensure that the right stakeholders receive the targeted metrics they need to ensure the vulnerability scanning program is efficient and effective. Qualys WAS 4.0 provides organizations with the increased scan coverage and enhanced reporting capabilities organizations need to keep their web applications hardened against attack and protected against business disruptions.
Feature highlights include: Progressive scanning to enhance vulnerability testing coverage and provide automated test continuation from scan to scan, enhancing scan results and enabling more flexibility in scheduling scans that will ease the burden on understaffed IT Security teams. The new Reporting Templates will also enable organization to deliver targeted application security metrics to each stakeholder in the program, whether it is an executive who needs a high level overview of the program, or a developer that needs vulnerability details for one web app he is responsible for. Additional enhancements to exclude tagged applications and randomize MultiScan also gives organizations better options to manage the impact of scalable scanning on their environments.