Qualys to offer free domain scanning and security assurance seals

RSA Conference 2010 – Qualys is planning to launch two new offerings at the RSA Conference, one of them free, and both are aimed at protecting Web site owners and visitors.


The first item that will be sure to grab some attention on the conference floor this week at RSA is Qualys’ new GO SECURE offering. For the cost of $995.00 USD per site annually, Qualys will generate one of those popular seals that other security vendors offer; only there is a bit of a twist with this program.

Much like the program from vendors like McAfee, Qualys will test an organization’s site and ensure that it is free of various hazards.

The GO SECURE program scans for perimeter vulnerabilities, locating forward-facing problems on the Web server that could allow access to information or the network itself. The perimeter scanning also looks for Web Application issues, such as Cross-Site Scripting flaws and SQL Injection vectors. The Malware detection aspect of the program looks for classic symptoms, such as injected JavaScript or association with known malicious domains. Lastly, it will check to ensure that SSL certificates are properly implemented.

If the site is clean and everything checks out, then it will be able to display a seal that shows the consumer that there is a good chance the company has a decent security program in place to protect its Web operations.

However, unlike other programs, if the Qualys testing fails, then the assurance seal isn’t generated, and revoked from the site. In addition to snatching the seal from the site, the organization is alerted to a possible problem, and expected to resolve the issues before they will get it back.

Free Malware Detection for the masses

The second offering from Qualys this week is available to both the business and home users, all that is required is ownership of an active site on the Net. Called QualysGuard Malware Detection, the service will scan a site, no matter the size, and hunt for active Malware infections.

Qualys explained both sides of the scanning to The Tech Herald last week in a briefing. The two sides to the service - static scanning and behavioral analysis - work hand-in-hand to assess any given domain.

The behavioral scanning is processed by using virtual machines with unpatched browsers and operating systems to identify suspicious behavior, while the source code of the site is scanned for the presence of content typically used in malicious attacks, including encoded JavaScript, Web bugs, and character encoding inside of inline frames.

The service is free and available today, head over to http://www.qualys.com/STOPMALWARE to register.

Like this article? Please share on Facebook and give The Tech Herald a Like too!