How-to Instructions

Qualys Scan Tool for Web Applications

Qualys Web Application Scan (WAS) is a vulnerability scanner used to scan web applications for SQL injection, cross-site scripting, sensitive data exposure, and similar issues. Qualys WAS features include on-demand scanning and discovery, flexible scan scheduling, options for selecting the depth and type of scan, and flexible reporting. New vulnerability checks are added to the scanner continuously.

There is no guarantee that the Qualys scanner will not affect services on a production web application. Therefore, it is important that the affected application have a maintenance window schedule agreed to by management or other pertinent personnel. If availability is too critical to allow a maintenance window, then redundancies should be created.

View the slides from a recent workshop: Web Application Scanning Qualys WAS

Contact University Information Security for more information.