Qualys has launched a new version of its on-demand scanning application for ongoing management of PCI compliance efforts.


QualysGuard PCI 3.0 now includes a Web Application Scanning (WAS) module that combines the application's traditional compliance scanning, remediation and e-filing capabilities with automated web application scanning. This advancement helps merchants in their efforts to effectively meet requirement 6.6 for maintaining secure web applications.


Following changes to the PCI Data Security Standards, under which all public-facing web applications are subject either to review via manual or automated vulnerability assessment tools or methods, or to installation of an application-layer firewall in front of them, Avivah Litan, VP and analyst at Gartner Inc, said: “Compliance with the PCI data security standard is a continuous process, and not a one-time event. Organisations are best off leveraging tools that automate as much of this process as possible on a continuous basis.”


The QualysGuard PCI 3.0 Web Application Scanning module is an automated tool for evaluating web applications before and after deployment, ensuring that the applications are built and maintained in a secure way. The module fully automates the scanning of vulnerability types within customised code and allows customers to crawl web applications, identify cross-site scripting vulnerabilities, isolate SQL injection attacks and conduct authenticated and unauthenticated scanning.


Philippe Courtot, chairman and CEO of Qualys, said: “Since the introduction of PCI DSS, we've diligently worked to integrate the latest updates into Qualys' SaaS offering to help customers automate their process while reducing cost as Gartner recommends.


“Adding WAS support to QualysGuard PCI allows our customers to satisfy the new PCI 6.6 requirement without having to deploy any additional software and gives our partners the ability to provide expanded services for expert review of the results.”