Qualys

Qualys is a provider of cloud security, compliance and related services for small and medium-sized businesses and large corporations based in Redwood Shores, California. Qualys Inc. was founded in 1999 and was the first company to deliver vulnerability management solutions as applications through the web using a “software as a service” (SaaS) model, and as of 2013 Gartner Group for the fifth time gave Qualys a “Strong Positive” rating for these services. It has added cloud-based compliance and web application security offerings.

qualys_scan1

Qualys online free scanner provides up to 10 free scans of URLs or IPs of Internet facing or local servers or even machines. You initially access it via web portal and then download their virtual machine software if running scans on your internal network.

Qualys free scanner supports a few different scan types; vulnerability checks for hidden malware, SSL issues, and other network-related vulnerabilities. OWASP is for auditing vulnerabilities of web applications. Patch Tuesday scans for and helps install missing software patches. SCAP checks computer settings compliance against the SCAP (Security Content Automation Protocol) benchmark provided by National Institute of Standards and Technology (NIST).

Though you first see just an online tool that appears to just do scanning via the Internet, if you enter a local IP or scan, it will prompt you to download a virtual scanner via a VMware or VirtualBox image. This allows you to do scanning of your local network. Once a scan is complete you can view interactive reports by threat or by patch.

qualys_scan_results

Since Qualys free scanner only provides 10 free scans, it’s not something you can use regularly. Consider using another solution for day-to-day use and periodically run Qualys free scanner for a double-check.

Check Qualys free scanning service you can by clicking on this link.

How Qualys works:

REVIEW OVERVIEW
Scanning
Exploitation
Flexibility
SHARE
Previous articleWASC
Next articleAcunetix Web Vulnerability Scanner
Penetration Testing & Information Security Specialist, Certified Ethical Hacker. Uladzislau Murashka provides information security and penetration testing services, IDS/IPS implementation and configuration, infrastructure security assessment and hardening, participates in bug bounty programs.

2 COMMENTS

  1. qualys very nice online tool to use: easy to understand, good support, very functional and has good amount of checks.
    We had experience previously with qualys and were very satisfied)

  2. Yeah, agree, qualys scanner here described well 🙂
    Thanks to the author, very interesting website about information security, scanning tools and manuals, other guides!

LEAVE A REPLY