Companies are increasingly accountable for meeting standard application security policies. However, many organizations are still dealing with manual and arduous vulnerability scanning processes. Hear the team at Celestica share their journey towards implementing and automating secure practices using Qualys WAS in their development pipeline and accelerating the application vulnerability management process.
Even if your IT infrastructure is completely free from known vulnerabilities, you can't let your guard down. Latent vulnerabilities may linger in your custom-coded web applications and APIs, presenting an enticing target for cyber-attackers. You can protect against these with new capabilities in Qualys Web Application Scanning (WAS) to detect out-of-band vulnerabilities such as Server-Side Request Forgery and SMTP injection. The upcoming API Security app leverages the Swagger/OpenAPI specification to give your development teams better insights into the security of the APIs they build.
One of the main drivers in adopting cloud services is quick and easy deployment of web applications and APIs that support your business. But attackers view them as ripe targets because they handle sensitive data and are often developed without security in mind. Any web application could be a foothold into your organization and lead to a data breach if a latent vulnerability such as SQL injection or remote code execution were successfully exploited. Using Qualys Web Application Scanning (WAS) continues to be an effective way to identify app-layer vulnerabilities quickly and reliably across different environments. This session will describe new capabilities in Qualys WAS such as better scan coverage and vulnerability detection, improved usability, automated scanning in CI/CD pipelines, and much more. This talk will also dive into the WAS roadmap for 2019, including some exciting changes coming to the UI and API testing capability.
Dave Ferguson, Director of Product Management, Qualys
Recently, ImagineX Consulting was engaged to transform an existing application security program for a very large financial tech company, moving it from a competing product to Qualys WAS. This case study illustrates how Qualys WAS's scale, automation and coverage enabled this client to overcome traditional scanning constraints and transition to a successful new appsec program that leveraged manual testing services and reporting built around the Qualys Cloud Platform WAS Solution. Learn how this combined approach can be used to increase coverage, scale and effectiveness, and to decrease application security risk.
Frank Catucci, Director of Application Security and DevSecOps, ImagineX Consulting