Qualys offers free access to its web application scanner application to help organizations quickly find vulnerabilities in Log4Shell

FOSTER CITY, Calif., December 17, 2021 /PRNewswire/ — Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based IT, security and compliance solutions, today announced the free availability of its Web Application Scanning solution ( WAS) for 30 days, to help companies protect against Log4Shell.

Apache Log4Shell’s zero-day RCE vulnerability has raised alarm bells in businesses around the world, with US government officials calling it “one of the most severe flaws they’ve seen”. The vulnerability poses potential threats to almost any web application, with the list of known exploits growing daily.

Web application scanning capabilities are key to detecting these vulnerabilities as they simulate the attack of Log4Shell exploits. To help customers protect against this threat, Qualys is developing its WAS application, which scans web applications and APIs for the Log4Shell (CVE-2021-44228) vulnerability, available free for 30 days.

Qualys WAS performs accurate detections of applications vulnerable to Log4Shell thanks to its advanced out-of-band detection mechanisms. To identify vulnerable sites, WAS uses specially crafted payloads to simulate the same attack model that malicious actors use. Vulnerable sites are quickly and easily identified for remediation, closing the door to attackers before they even know you’re exposed.

“Log4Shell is the most alarming vulnerability we have seen in the last decade and helping the community combat this unprecedented threat is at the forefront of our goal,” said Sumed Thakar Chairman and CEO of Qualys. “Many organizations are struggling to find ways to detect their exposure to Log4Shell. We hope that free access to our application along with the open source scripts we have released will help security teams quickly assess and secure their external web attack surface.”

To sign up for the free 30-day WAS service, go to qualys.com/was-log4j-trial. For more information on using WAS to detect Log4Shell, read our blog, Is your web application exploitable by Log4 Shell vulnerability?

Additional Resources

About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based IT, security and compliance solutions, with more than 19,000 active customers in more than 130 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations to streamline and consolidate their security and compliance solutions on a single platform and integrate security into digital transformation initiatives for greater agility, better business results and substantial cost savings.

The Qualys Cloud platform and its integrated cloud applications continuously deliver critical security information to businesses, enabling them to automate all auditing, compliance, and protection of IT systems and web applications across site, on endpoints, in the cloud, containers and mobile environments. Founded in 1999 as one of the first SaaS security companies, Qualys has established strategic partnerships with leading cloud providers such as Amazon Web Services, Microsoft Azure and Google Cloud Platform, as well as managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, DXC Technology, Fujitsu, HCL Technologies, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance. For more information, please visit www.qualys.com.

Qualys and the Qualys logo are registered trademarks of Qualys, Inc. All other product or names may be trademarks of their respective companies.

Media Contact:
Jackie Duton
[email protected]

SOURCE Qualys, Inc.

Related links


Comments are closed.