Attackers are increasingly exploiting web application vulnerabilities to breach security defenses. As the importance and number of web applications has increased, the challenge of identifying security vulnerabilities and fixing them has become one of scale. Many organizations have hundreds or even thousands of web properties that need to be triaged for security weaknesses, but until now the solutions available have not supported the scale required to automatically and accurately scan all the web properties that today’s enterprises rely on. Organizations need a highly scalable and easy-to-use vulnerability scanning solution to enable their growing web application security programs. QualysGuard WAS 3.4 provides organizations with the capabilities they need to meet these new demands and execute a best practices web application scanning program on all their web properties.
Feature highlights include: Support for scanning thousands of web applications with MultiScan, consolidated tag management within Asset Management, and additional usability enhancements. Together, these new features enable organizations to support high volume and fully automated web application scanning across their complete web application portfolio.
QualysGuard WAS 3.4 will be released in production in mid to late June 2014 depending on the platform. Details about the release schedule are at the end of this blog post.
Web Application MultiScan
High Volume Scanning of Web Applications: QualysGuard WAS is the most scalable web application scanning solution available. So we’ve enhanced the ability to support large web application scanning programs by adding the ability to scan any number of web applications as a MultiScan. The new capability takes advantage of QualysGuard’s asset tagging to enable users to easily categorize applications that may have similar attributes and scan them together with a MultiScan. If you don’t have time to tag your applications, no problem – users can also pick and choose the applications they want to run in a MultiScan. The MultiScan capability gives users many options to accept defaults for the web application configuration or to override the defaults. This feature will enable organizations to perform ad-hoc or scheduled scans of hundreds or even thousands of web applications they may have in their enterprise with granular insight into what scans are running and which are complete. MultiScan is a limited availability release, so if you are interested in becoming an early adopter, please contact your TAM or firstname.lastname@example.org.
Choose your applications – select individual apps or use tags
View the status of the MultiScan in the preview pane
View scan status details for all the scans within a MultiScan
Tag Management Consolidation in AM
Tag creation is now consolidated in Asset Management (AM): Tags help you keep your assets automatically organized. We’ve consolidated tag creation and management within the Asset Management (AM) module to bring consistency to tag management. Tags will no longer be managed within WAS and MDS. Now you’ll use the AM module to create tags, edit them, assign tag properties, and delete them from your account.
Asset Management Module
Managing Tags in AM
Tags applied to a Web Application in AM
Web Application List Enhancements
Last Scan Date added to Web Applications list: Your web applications list now tells you when each of your web applications was last scanned.
For details about the release dates for specific platforms and to subscribe to release notifications by email, please see the following: