Qualys brings web application security to DevOps

Qualys, a cloud-based security and compliance solutions provider, has announced new functionality in its web application security offerings that helps teams automate and operationalize global DevSecOps throughout the Software Development Lifecycle (SDLC).

Qualys Web Application Scanning (WAS) 6.0 now supports Swagger version 2.0, allowing DevOps teams to streamline assessments of REST APIs and get faster visibility of the security posture of mobile application backends and Internet of Things (IoT) services. Additionally, a new native plugin for Jenkins delivers automated vulnerability scanning of web applications for teams using the popular Continuous Integration/Continuous Delivery (CI/CD) tool. In tandem, customers can now leverage Qualys Browser Recorder, a free Google Chrome browser extension, to easily review scripts for navigating through complex authentication and business workflows in web applications.

“As companies move their internal apps to the cloud and embrace new technologies, web app security must be integrated into the DevOps process to safeguard data and prevent breaches,” said Philippe Courtot, Chairman and CEO, Qualys, Inc. “Qualys is helping customers streamline and automate their DevSecOps through continuous visibility of security and compliance across their applications and REST APIs. With the latest WAS features, customers now can make web application security an integral part of their DevOps processes, avoiding costly security issues in production.”

Qualys WAS 6.0 and new capabilities include scanning of swagger-based REpresentational State Transfer (REST) APIs, Jenkins plugin and Qualys browser recorder. The Qualys Browser Recorder extension is free and available to anyone (not just Qualys customers) via the Chrome Web Store.