Web Application scanning services provide automated host/domain/URL vulnerability identification and management across campus websites. Web application scanning provided by Qualys WAS is currently offered and administered by the IT Security Office.
Qualys Web Application Scanning (WAS) is a cloud-based service scan that will automatically crawl and test custom web applications for vulnerabilities. This service can regularly test and track results through the lifecycle of an application.
Pricing
This service is provided at no cost to campus.
Benefits
- Application security scan to prevent code misuse
- Can combine with host vulnerability scanning for multiple defense-in-depth layers of vulnerability detection
- Proactively detect and mitigate common web app vulnerabilities such as injection, cross-site scripting (XSS), and insecure transit mechanisms
- Provided free of charge to all areas
Key Features
- Comprehensive discovery of web application vulnerabilities
- Deep scanning to cover all facets of an application
- Malware detection can also detect potentially malicious code
Eligibility
All campus units are eligible to request scans of their web applications
Requirements
None
Getting Started
Contact security@ucla.edu to learn more.
