Qualys WAS - Cloud based DAST Tool


Qualys Web Application Scanning (WAS) is a cloud-based service that provides automated crawling and testing of custom web applications to identify vulnerabilities including cross-site scripting (XSS) and SQL injection.

5 min read

Qualys WAS

What is Qualys WAS?

Qualys is a robust web application security scanning tool. It is entirely cloud-based and has advantages if you are already a member of Qualys Cloud Platform.

The automated service enables regular testing that produces consistent results, reduces false positives and easily scales to cover thousands of websites. In addition, Qualys WAS is bundled with other scanning technology to monitor websites for malware infections proactively, sending alerts to website owners to help prevent blacklisting and brand reputation damage.

Qualys WAS Scan Result


Comprehensive discovery

WAS finds and catalogues all web apps in your network, including new and unknown ones, and scales from a handful of apps to thousands. With Qualys WAS, you can tag your applications with your own labels
and then use those labels to control reporting and limit access to scan data.

Deep scanning

WAS dynamic deep scanning covers all apps and APIs on your perimeter, internal networks, and public cloud instances and gives you instant visibility of vulnerabilities like SQLi and XSS.


Authenticated, complex and progressive scans are supported. WAS tests IoT services and mobile app backends with programmatic scanning of SOAP and REST API services.


DevSecOps tool

WAS can insert security into application development and deployment in DevSecOps environments. With WAS, you detect code security issues early and often, test for quality assurance and generate comprehensive reports. With a robust API and a native plugin for Jenkins, Qualys WAS provides everything you need to automate scanning in your CI/CD environment.


Malware detection

WAS scans an organization’s websites and identifies and alerts you to infections, including zero-day threats, via behavioural analysis. Detailed malware infection reports accompany infected code for remediation. In addition, a central dashboard displays scan activity, infected pages and malware infection trends and lets users initiate actions directly from its interface.

On this page:

Leave a Reply

Your email address will not be published. Required fields are marked *