Web Application Scanning will crawl Web applications as if it is an attacker seeking flaws to exploit, then report on the problems it finds, says Phillipe Courtout, chairman and CEO of Qualys.
Customers can then shield the applications with Web application firewalls or rewrite the application code to patch the vulnerabilities, he says. Over the next year or so, the company plans to acquire or license technology that will enable it to offer services that defend against the flaws the scanning service discovers, he says.
The company is also announcing the 2.0 version of its QualysGuard Policy Compliance service that scans network devices and reports whether they comply with data security policies. The new version expands the service's support to more databases and operating systems. It also supports custom controls that corporate customers might have that are outside standard regulatory and industry policies impose.
Qualys is announcing a new API to its compliance platform to allow integration with vendors whose products contribute to ensuring payment card industry compliance. With the API, these third-party security vendors can share data gathered about network security that can be used to show PCI compliance, Courtout says.