Qualys Announces Web Application Scanning (WAS) 3.0

Qualys Announces Web Application Scanning (WAS) 3.0

QualysGuard WAS 3.0 Adds Malware Detection, Integration With Burp Suite,
Advanced Scanning Configurations and Reporting Enhancements

SAN FRANCISCO, Feb. 25, 2013 (GLOBE NEWSWIRE) -- RSA Conference USA 2013 Booth
#1431-- Qualys, Inc., (Nasdaq:QLYS), a leading provider of cloud security and
compliance solutions, today announced QualysGuard® WAS 3.0, adding malware
detection and attack proxy support to provide customers and consultants with
comprehensive web application security testing.

Recent studies confirm that attackers are increasingly targeting web
applications to breach the security defenses of organizations. The Verizon
2012 Data Breach Investigation report indicates that for large organizations,
54 percent of the hacking vectors for the investigated breaches were
associated with web applications. The report adds that attackers are
increasingly using hybrid attacks, with 61 percent of all breaches featuring a
combination of hacking techniques and malware.

A new case study with Microsoft describes how their Information Security &
Risk Management (ISRM) Team uses QualysGuard WAS to evaluate the security of
its hundreds of web applications coming online through its subsidiaries every
year. In the case study, Ahmad Mahdi, ISRM manager at Microsoft, stated, "We
needed a comprehensive way to evaluate the security of these applications with
speed and accuracy…Thanks largely to QualysGuard WAS, we now have a process
that ensures applications meet a specific and very important security

With QualysGuard WAS 3.0, organizations can discover and catalog web
applications on a global scale, then identify and remediate web applications
vulnerabilities accurately and cost-effectively. QualysGuard WAS 3.0 provides
malware detection for web sites, using advanced behavioral analysis to
identify even zero-day malware that may infect users. The service proactively
scans web sites for malware, providing automated alerts and in-depth reporting
to enable prompt identification and resolution of vulnerabilities.

Additionally, 3.0 introduces advanced scanning configurations and reporting
enhancements including report creation wizard and scorecard reports based on
asset groups or tags, making it easy for users to create and customize reports
for the audience they are targeting.

"Saba provides cloud-based learning and talent management solutions to over
10.4 million subscribers all over the world, making security and compliance a
top priority for us," said Randy Barr, chief security & Information officer
for Saba. "QualysGuard WAS automated scanning capabilities enable us to
regularly discover and scan all of our web properties for vulnerabilities and
remediate them in a timely manner. With expanded capabilities such as malware
detection and integrations with attack tools, QualysGuard WAS 3.0 helps us
better ensure security and compliance for our customers."

Lastly, attack proxies and integrated pen testing tools for scanning web
applications compliment automated scanning and can provide organizations with
another perspective on vulnerabilities that may be present in web
applications. QualysGuard WAS 3.0 enables organizations to integrate the scan
results of attack proxies such as Burp Suite with its automated scans,
presenting comprehensive reports of the results, giving organizations a
complete view of vulnerabilities across their web applications.

"As web applications have become the front door through which we exchange
information, having an up-to-date inventory of all web applications within an
enterprise is a key step to secure corporate data; and automating this process
is essential," said Philippe Courtot, chairman and CEO for Qualys. "Bringing
such automation to organizations, small and large, has been in effect the
driving force behind our QualysGuard WAS 3.0 release. Altogether, these new
capabilities make this new release a comprehensive and cost effective solution
to help organizations keep up with the increasing demands of enterprise web
application security."

Pricing and Availability

QualysGuard WAS 3.0 availability is targeted for the end of March 2013. It is
sold as an annual subscription based on the number of web applications,
starting at $1,995 per year, and includes 24x7 support and full updates.

For more information about QualysGuard WAS, please visit:

To read the full case study on Microsoft's use of QualysGuard WAS, visit:

About Qualys

Qualys, Inc. (Nasdaq:QLYS), is a pioneer and leading provider of cloud
security and compliance solutions with over 6,000 customers in more than 100
countries, including a majority of each of the Forbes Global 100 and Fortune
100. The QualysGuard Cloud Platform and integrated suite of solutions helps
organizations simplify security operations and lower the cost of compliance by
delivering critical security intelligence on demand and automating the full
spectrum of auditing, compliance and protection for IT systems and web
applications. Founded in 1999, Qualys has established strategic partnerships
with leading managed service providers and consulting organizations, including
Accuvant, BT, Dell SecureWorks, Fujitsu, NTT, Symantec, Verizon, and Wipro.
The company is also a founding member of the CloudSecurityAlliance (CSA).

For more information, please visitwww.qualys.com.

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys,
Inc. All other products or names may be trademarks of their respective

CONTACT: Melinda Marks
         Qualys, Inc.
         (650) 801-6242
         Rod McLeod
         Bateman Group for Qualys
         (415) 503-1818
Press spacebar to pause and continue. Press esc to stop.