Qualys Web Application Scanning 6.0 Released
April 18, 2018

Qualys announced new functionality in its web application security offerings that helps teams automate and operationalize global DevSecOps throughout the Software Development Lifecycle (SDLC), drastically reducing the cost of remediating application security flaws prior to production.

Qualys Web Application Scanning (WAS) 6.0 now supports Swagger version 2.0, allowing DevOps teams to streamline assessments of REST APIs and get faster visibility of the security posture of mobile application backends and Internet of Things (IoT) services.

Additionally, a new native plugin for Jenkins delivers automated vulnerability scanning of web applications for teams using the popular Continuous Integration/Continuous Delivery (CI/CD) tool. In tandem, customers can now leverage the new Qualys Browser Recorder, a free Google Chrome browser extension, to easily review scripts for navigating through complex authentication and business workflows in web applications.

"As companies move their internal apps to the cloud and embrace new technologies, web app security must be integrated into the DevOps process to safeguard data and prevent breaches," said Philippe Courtot, Chairman and CEO, Qualys, Inc. "Qualys is helping customers streamline and automate their DevSecOps through continuous visibility of security and compliance across their applications and REST APIs. With the latest WAS features, customers now can make web application security an integral part of their DevOps processes, avoiding costly security issues in production."

Qualys WAS 6.0 and new capabilities include:

- Scanning of Swagger-based REpresentational State Transfer (REST) APIs - In addition to scanning Simple Object Access Protocol (SOAP) web services, Qualys WAS now leverages the Swagger specification for testing REST APIs. Users need only ensure the Swagger version 2.0 file (JSON format) is visible to the scanning service, and the APIs will automatically be tested for common application security flaws.

- Jenkins plugin - The Qualys WAS Jenkins plugin empowers DevOps teams to build application vulnerability scans into their existing CI/CD processes. By integrating scans in this manner, application security testing is accomplished earlier in the SDLC to catch and eliminate security flaws thereby significantly reducing the cost of remediation compared to doing so later in the SDLC.

- Qualys Browser Recorder – This new Chrome extension allows users to record web browser activity and save the scripts for repeatable, automated testing. Scripts are played back in Qualys WAS, allowing the scanning engine to successfully navigate through complex authentication and business workflows. The Qualys Browser Recorder extension is free and available to anyone (not just Qualys customers) via the Chrome Web Store.

Qualys WAS 6.0 is available today as an annual subscription based on the number of web applications.

Share this

Industry News

March 27, 2024

WaveMaker has updated its platform in response to customer demand for more sophisticated API and code management tools.

March 27, 2024

Vercara announced the launch of UltraAPI™, a product suite that protects APIs and web applications from malicious bots and fraudulent activity while ensuring regulatory compliance.

March 27, 2024

Legit Security announced the launch of its standalone enterprise secrets scanning product, which can detect, remediate, and prevent secrets exposure across the software development pipeline.

March 26, 2024

Progress announced a strategic partnership with Veeam® Software, the #1 leader by market share in Data Protection and Ransomware Recovery, to provide customers with an enterprise-ready cyber defense solution that strengthens the security of their business-critical data.

March 26, 2024

GitGuardian released its Software Composition Analysis (SCA) module.

March 26, 2024

DataStax announced a milestone in its journey to simplify enterprise retrieval-augmented generation (RAG) for developers by integrating with Microsoft Semantic Kernel.

March 25, 2024

Check Point® Software Technologies Ltd. is collaborating with NVIDIA to enhance the security of AI cloud infrastructure. Integrating NVIDIA BlueField DPUs, which feature a broad range of purpose-built, innovative security capabilities, the new Check Point AI Cloud Protect solution will help prevent threats at both the network and host levels.

March 25, 2024

Sentry announced the release of Autofix, an AI-powered feature to debug and fix code in minutes, saving important time and resources.

March 25, 2024

Apiiro announced a product integration and partnership with Secure Code Warrior, the agile developer security training platform, to extend its ASPM technology and processes to the people layer.

March 21, 2024

Progress announced that Progress® Semaphore™, its metadata management and semantic AI platform, was named a Champion in SoftwareReviews’ 2024 Metadata Management Emotional Footprint Awards.

March 21, 2024

The Cloud Native Computing Foundation® (CNCF®) has partnered with Udemy, an online skills marketplace and learning platform.

March 21, 2024

GitLab has acquired Oxeye, the provider of a cloud-native application security and risk management solution.

March 21, 2024

GitHub announced that code scanning autofix, powered by GitHub Copilot and CodeQL, is available in public beta for all GitHub Advanced Security (GHAS) customers.

March 21, 2024

NetApp is collaborating with NVIDIA to advance retrieval-augmented generation (RAG) for generative AI applications.

March 21, 2024

CalypsoAI launched the CalypsoAI Platform, an advanced SaaS-based security and enablement solution for generative AI applications within the enterprise.