Audience

IT security teams in search of a web application scanning solution to find, fix, and prevent security holes in web apps

About Qualys WAS

Robust cloud solution for continuous web app discovery and detection of vulnerabilities and misconfigurations. Fully cloud-based, it’s easy to deploy and manage, and scales to millions of assets. WAS finds and catalogs all web apps in your network, including new and unknown ones, and scales from a handful of apps to thousands. With Qualys WAS, you can tag your applications with your own labels and then use those labels to control reporting and limit access to scan data. WAS’ dynamic deep scanning covers all apps on your perimeter, in your internal environment and under active development, and even APIs that support your mobile devices. It also covers public cloud instances, and gives you instant visibility of vulnerabilities like SQLi and XSS. Authenticated, complex and progressive scans are supported. With programmatic scanning of SOAP and REST API services, WAS tests IoT services and APIs used by mobile apps and modern mobile architectures.

Other Popular Alternatives & Related Software
SaltStack
SaltStack
(2 Ratings)
SaltStack is an intelligent IT automation platform that can manage, secure, and optimize any infrastructure—on-prem, in the cloud, or at the edge. It’s built on a unique and powerful event-driven automation engine that detects events in any system and reacts intelligently to them, making it an extremely effective solution for managing large, complex environments. With the newly launched SecOps offering, SaltStack can detect security vulnerabilities and non-compliant, mis-configured systems. As soon as an issue is detected, this powerful automation helps you and your team remediate it, keeping your infrastructure securely configured, compliant, and up-to-date. The SecOps suite includes both Comply and Protect. Comply scans and remediates against CIS, DISA-STIG, NIST, PCI, HIPAA compliance standards. And Protect scans for vulnerabilities and patches and updates your operating systems.
Learn more
Acunetix
Acunetix
(1 Rating)
As the market leader in automated web application security testing, Acunetix by Invicti is the go-to security tool for Fortune 500 companies. DevSecOps teams can cut through the noise to uncover unseen risks and mitigate dangerous exploits, detecting and reporting on a wide array of vulnerabilities. With an industry-leading crawler that fully supports HTML5, JavaScript, and Single-page applications, Acunetix enables the auditing of complex, authenticated applications for deeper insight into an organization's risk posture. It's a leader for a reason: the technology behind Acunetix delivers the only product on the market that can automatically detect out-of-band vulnerabilities to enable comprehensive management, prioritization, and control for vulnerability threats by criticality. Plus, it's available both online and as an on-prem solution, integrating with popular issue trackers and WAFs so that DevSecOps teams don't have to slow down when building innovative apps.
Learn more
Cloudxray
Cloudxray
CloudXray is a cloud workload scanning solution that operates in two deployment modes; basic for misconfiguration detection and advanced for full malware, OS vulnerability, and misconfiguration scanning. The architecture consists of an orchestrator deployed in a single region and distributed scanners covering all discovered regions, making it fully compatible with both AWS and GCP environments. It uses an agentless approach to inspect workloads and volumes across your cloud account for malware, CVEs, and policy deviations. The solution provisions scanning instances on demand, integrates via roles and APIs, and provides continuous coverage of cloud resources without requiring persistent agents. CloudXray supports rapid deployment and is optimized for scalable, multi-region cloud workloads. It is designed to help organizations maintain a secure posture across compute instances, storage volumes, and OS layers by combining configuration assessment, vulnerability detection, and more.
Learn more
SecurityMetrics Perimeter Scan
SecurityMetrics Perimeter Scan
Comprehensive Vulnerability Assessment Scan For Network Security. Vulnerability scans and network scans find top cybersecurity risks such as misconfigured firewalls, malware hazards, remote access vulnerabilities, and can be used for cyber security or compliance mandates like PCI Compliance (PCI DSS) and HIPAA. Add and remove your own targets through your Perimeter Scan Portal. You can mass upload scan targets and groups. You can group and label scan targets to make it easier to manage by location, network type, or unique circumstances at your organization. Run port scans on your most sensitive targets more frequently, test in scope PCI targets quarterly, or test designated IPs after changes to your network with simplicity. Vulnerability scanning reports list the target, vulnerability type, service (e.g., https, MySQL, etc.), and the severity of each vulnerability (low, medium, high).
Learn more

Pricing

Free Trial:
Free Trial available.

Integrations

API:
Yes, Qualys WAS offers API access
See Integrations

Ratings/Reviews

Overall 0.0 / 5
ease 0.0 / 5
features 0.0 / 5
design 0.0 / 5
support 0.0 / 5

This software hasn't been reviewed yet. Be the first to provide a review:

Review this Software

Company Information

Qualys
Founded: 1999
United States
www.qualys.com/apps/web-app-scanning/

Videos and Screen Captures

Play Video Qualys WAS Screenshot 1 Qualys WAS Screenshot 2 Qualys WAS Screenshot 3 Qualys WAS Screenshot 4
Other Useful Business Software
Managed Cloud Hosting Platform | Nexcess Icon
Managed Cloud Hosting Platform | Nexcess

For growing digital businesses and engineering teams that need reliable, fully managed cloud infrastructure to run high-performance applications.

The managed cloud solution engineered for simplicity, with built-in governance and risk-mitigation, plus a bill you can actually forecast.
Learn More

Product Details

Platforms Supported
Cloud
Training
Documentation
Live Online
In Person
Support
Phone Support
24/7 Live Support
Online

Qualys WAS Frequently Asked Questions

Q: What kinds of users and organization types does Qualys WAS work with?
Q: What languages does Qualys WAS support in their product?
Q: What kind of support options does Qualys WAS offer?
Q: What other applications or services does Qualys WAS integrate with?
Q: Does Qualys WAS have an API?
Q: What type of training does Qualys WAS provide?
Q: Does Qualys WAS offer a free trial?

Qualys WAS Product Features

Vulnerability Scanners

Network Mapping
Web Inspection
Defect Tracking
Interactive Scanning
Perimeter Scanning
Black Box Scanning
Continuous Monitoring
Compliance Monitoring
Asset Discovery
Logging and Reporting
Threat Intelligence
Risk Analysis