Skip to Main Content

Web Application Scanning

Web Application scanning services provide automated host/domain/URL vulnerability identification and management across campus websites. Web application scanning provided by Qualys WAS is currently offered and administered by the IT Security Office.

Qualys Web Application Scanning (WAS) is a cloud-based service scan that will automatically crawl and test custom web applications for vulnerabilities. This service can regularly test and track results through the lifecycle of an application.


This service is provided at no cost to campus.


  • Application security scan to prevent code misuse
  • Can combine with host vulnerability scanning for multiple defense-in-depth layers of vulnerability detection
  • Proactively detect and mitigate common web app vulnerabilities such as injection, cross-site scripting (XSS), and insecure transit mechanisms
  • Provided free of charge to all areas

Key Features

  • Comprehensive discovery of web application vulnerabilities
  • Deep scanning to cover all facets of an application
  • Malware detection can also detect potentially malicious code


All campus units are eligible to request scans of their web applications



Getting Started

Contact to learn more.