
Automated web application scanning in QualysGuard PCI 3.0

Qualys: 02 October, 2008 (New Product)
On demand PCI scanning software meets latest payment card industry standards and offers proactive security for web applications
Qualys has announced QualysGuard PCI 3.0, a new version of the industry's most widely used on demand scanning application for ongoing management of PCI compliance efforts. QualysGuard PCI 3.0 now includes a Web Application Scanning (WAS) module that combines the application's traditional compliance scanning, remediation and e-filing capabilities with automated web application scanning. This advancement helps merchants in their efforts to effectively meet requirement 6.6 for maintaining secure web applications.

The now-mandatory requirement, within the just-released PCI Data Security Standards 1.2, states that all public-facing web applications are subject to either 1) reviews of applications via manual or automated vulnerability assessment tools or methods, or 2) installing an application-layer firewall in front of public-facing web applications.

"Compliance with the PCI data security standard is a continuous process, and not a one-time event," said Avivah Litan, VP and distinguished analyst, Gartner. "Organisations are best off making use of tools that automate as much of this process as possible on a continuous basis."

QualysGuard PCI 3.0 Web Application Scanning module is an automated tool for evaluating web applications before and after deployment. This ensures that the applications are built and maintained in a secure way. Delivered via Software-as-a-Service (SaaS), the WAS module fully automates the scanning of vulnerability types within customized code and allows customers to crawl web applications, identify cross-site scripting vulnerabilities, isolate SQL injection attacks and conduct authenticated and unauthenticated scanning.

The QualysGuard PCI 3.0 WAS module includes the following features and benefits:

* Automated Web Application Scanning: The QualysGuard PCI 3.0 WAS module includes an automated crawling algorithm that combines pattern and behavior analysis to improve accuracy and reduce false positives in a consistent, repeatable test framework.

* Intuitive Authentication: QualysGuard PCI 3.0 identifies login forms, error pages and other customized features without manual input, which helps the web application scanner adapt to changes as the web site matures. It also enables the scanner to assess unknown or legacy web applications about which little may be known.

* Performance Tuning: QualysGuard PCI 3.0 allows users to control the bandwidth level at which the scan or multiple scans take place. This allows the organization to minimize the impact of the scan on a web application and reduce latency. A "crawl only" option is also available to catalog links without performing security checks.

* Seamless Integration with the QualysGuard PCI Solution: The WAS module is tightly integrated with customers' existing QualysGuard on demand PCI solution and thus requires no additional hardware or software resources.

"Since the introduction of PCI DSS, we've diligently worked to integrate the latest updates into Qualys' SaaS offering to help customers automate their process while reducing cost as Gartner recommends," said Philippe Courtot, Chairman and CEO of Qualys. "Adding WAS support to QualysGuard PCI allows our customers to satisfy the new PCI 6.6 requirement without having to deploy any additional software and gives our partners the ability to provide expanded services for expert review of the results."

Qualys' On Demand PCI solution continues to be the de facto standard for merchants needing to comply with PCI's ever-changing requirements. Over 1,500 organisations use QualysGuard PCI to scan over 500,000 hosts per quarter. QualysGuard PCI also gives partners the tools they need to quickly become an Approved Scanning Vendor (ASV) for PCI compliance. More than 57 percent of all PCI DSS ASVs and Qualified Security Assessors (QSAs) utilise QualysGuard to deliver PCI certification and PCI-related services to their clients.
   © 2012 ProSecurityZone.com