2/21/2013
06:00 PM
Dark Reading
Products and Releases

Qualys Announces Partnership With Cloud-Based Pen Tester iViZ

Qualys will combine its QualysGuard Web Application Scanning with iViZ’s Penetration Testing technology

REDWOOD CITY, Calif., February 12, 2013 – Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud security and compliance management solutions, today announced its partnership with iViZ, the industry's premier cloud-based penetration testing service for web applications, to help companies ensure and validate the security of their web applications and web sites. The partnership combines the highly automated testing of QualysGuard Web Application Scanning (WAS) with iViZ Penetration Testing Technology, coupled with comprehensive manual testing to provide organizations with high quality, cost-effective, scalable solutions to effectively protect web sites and web applications against possible attacks. The iViZ service will provide a Zero False Positive Guarantee and Business Logic Testing covering 100% of the Web Application Security Consortium (WASC) classes.

The solution is aimed at solving the problem of the significant shortage of trained security professionals that organizations need to hire and retain to secure their web applications. Automated scanning with false positive removal and Business Logic Testing will help organizations solve the problem of scaling security testing without hiring additional people.

Organizations are increasingly using web applications to work and conduct business online and often store critical business and customer data in their web applications. However, these applications are often built using multiple technologies without security in mind, leaving them vulnerable to attack. As a result, organizations need a comprehensive web application strategy to protect against possible attacks.

"As web applications have become a focus for attackers, web application security has become a priority for enterprises," said Charles Kolodgy, research vice president for IDC's security products. "But scanning and remediating web application vulnerabilities is challenging because of their complexity and the sheer number of custom web applications. Automated web application scanning combined with manual testing can help organizations identify and validate exploitable vulnerabilities. With this knowledge organizations can pinpoint exactly what needs to be remediated."

With the new partnership, iViZ will use QualysGuard WAS to perform automated web application scans, accurately cataloging and discovering web application vulnerabilities for their clients. Then iViZ will use its Penetration Testing technologies, combined with manual validation of the findings, and perform business logic testing to deliver comprehensive web application testing, helping customers remediate any issues. Comprehensive reports will be delivered to customers through the iViZ secure web portal, including an executive summary of the results and scope of testing with full details.

"Consultant-based penetration testing is not just costly, but is also impossible to scale since there aren't enough humans on earth to test the 600 million online websites. The strategic partnership of Qualys and iViZ aims to solve this big problem by providing a high quality, scalable and affordable cloud-based offering to secure and remediate web applications globally," said Bikash Barai, CEO and co-founder of iViZ Security.

"Web applications have become the primary target of cyber attacks and present a difficult challenge for organizations due to the cost and complexity required to secure and protect them," said Philippe Courtot, chairman and CEO for Qualys. "Using QualysGuard WAS to quickly and easily scan web applications along with the penetration testing services from iViZ provides organizations with a comprehensive solution for finding and remediating security vulnerabilities at a cost they can afford."

To learn more about the iViZ web application security solution, visit http://www.qualys.com/iviz-partner.

About iViZ

iViZ Security is the industry's first cloud-based penetration testing service for web applications. Unlike the scanners, which lack in quality, and the consultants, who are expensive, iViZ delivers consultant-grade, quality testing in a SaaS-based, cost-effective subscription model. iViZ provides a "Zero False Positives Guarantee" and advanced business logic testing by leveraging its patent-pending "hybrid approach" that integrates automation with manual testing by security experts. More than 300 customers worldwide use iViZ for greater quality, scalability and cost effectiveness.

About Qualys

Qualys, Inc. (NASDAQ: QLYS), is a pioneer and leading provider of cloud security and compliance solutions with over 6,000 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The QualysGuard Cloud Platform and integrated suite of solutions helps organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations, including Accuvant, BT, Dell SecureWorks, Fujitsu, NTT, Symantec, Verizon, and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).
