F5 Guardian Unity Partner
Home » Qualys Vulnerability and Web Application Security Scanning Service

WorldTech IT’s Qualys WAS Scanning Service provides comprehensive visibility into potential vulnerabilities, detects cyberattack vectors, and provides risked-based prioritization for remediation efforts. Our services safeguard client data, ensure compliance, and protect brand reputation through comprehensive one-time or scheduled scans. 

Scheduled Qualys WAS Scanning Service 

For organizations seeking a long-term solution, our comprehensive scanning service offers:

  • Discovery and enumeration of web application assets. 
  • Regular Qualys WAS scanning (frequency depending upon the selected subscription level). 
  • Detailed web application security reports with severity levels, potential impact, and trends over time. 
  • Brief remediation guidance provided on status meetings. 
  • Regular review meetings to discuss findings and plan remediation efforts. 
  • A dedicated account manager for personalized service. 

Scanning of internal assets will require the deployment of a scanning appliance or virtual scanning appliance. 

One-Time Qualys WAS Scanning Service: 

For organizations seeking an in-depth one-off WAS assessment, this service offers: 

  • Discovery and enumeration of all web application assets. 
  • Execution of Qualys WAS scan on identified assets. 
  • Detailed web application security report with severity levels and potential impact. 
  • Brief remediation guidance for the identified web application threats provided via a post-engagement meeting. 

Scanning of internal assets will require the deployment of a scanning appliance or virtual scanning appliance.  

Add-on Services: 

  1. WAF A/B Testing: This service includes scanning with the client’s Web Application Firewall (WAF) turned off, and then again in blocking mode. A detailed report will compare the results, highlighting what vulnerabilities are currently being missed by the WAF.  
  1. Signature Design: With this service, we will design custom signatures for your WAF to block the vulnerabilities and threats that were detected during the A/B test. This service is only available in conjunction with the WAF A/B Testing service.  
  1. WAF Policy Tuning: Often, WAFs are configured with default settings that may either be too restrictive, blocking legitimate traffic (false positives), or too lenient, allowing harmful traffic (false negatives). Our team of security experts will fine-tune your WAF’s settings to optimize its performance and accuracy.