Qualys brings web application security to DevOps
Source – helpnetsecurity.com
Qualys announced new functionality in its web application security offerings that helps teams automate and operationalize global DevSecOps throughout the Software Development Lifecycle (SDLC), drastically reducing the cost of remediating application security flaws prior to production.
Qualys Web Application Scanning (WAS) 6.0 now supports Swagger version 2.0, a new native plugin for Jenkins for automated vulnerability scanning of web applications, and the new Qualys Browser Recorder.
Qualys WAS 6.0 and new capabilities include:
- Scanning of Swagger-based REpresentational State Transfer (REST) APIs– In addition to scanning Simple Object Access Protocol (SOAP) web services, Qualys WAS now leverages the Swagger specification for testing REST APIs. Users need only ensure the Swagger version 2.0 file (JSON format) is visible to the scanning service, and the APIs will automatically be tested for common application security flaws.
- Jenkins plugin – The Qualys WAS Jenkins plugin empowers DevOps teams to build application vulnerability scans into their existing Continuous Integration/Continuous Delivery (CI/CD) processes. By integrating scans in this manner, application security testing is accomplished earlier in the SDLC to catch and eliminate security flaws thereby significantly reducing the cost of remediation compared to doing so later in the SDLC.
- Qualys Browser Recorder – This new Chrome extension allows users to record web browser activity and save the scripts for repeatable, automated testing. Scripts are played back in Qualys WAS, allowing the scanning engine to successfully navigate through complex authentication and business workflows. The Qualys Browser Recorder extension is free and available to anyone (not just Qualys customers) via the Chrome Web Store.
Pricing and availability
Qualys WAS 6.0 is available today as an annual subscription based on the number of web applications. Annual subscriptions start at $1,995.
Qualys will showcase these new tools and enhanced functionality during, at booth #N3815.
“As companies move their internal apps to the cloud and embrace new technologies, RSA Conference 2018 web app security must be integrated into the DevOps process to safeguard data and prevent breaches,” said Philippe Courtot, chairman, and CEO, Qualys.
“Qualys is helping customers streamline and automate their DevSecOps through continuous visibility of security and compliance across their applications and REST APIs. With the latest WAS features, customers now can make web application security an integral part of their DevOps processes, avoiding costly security issues in production.”
“One of our goals is to perform security testing early in the software development lifecycle and being able to seamlessly integrate scanning into our build environments is key to that,” said Dmitry Tysh, Sr. Software Developer, IT Development, OSIsoft, Inc. “We are looking forward to using these new capabilities in Qualys WAS to further automate testing of our web apps and APIs.”