Qualys Vulnerability Scanning
Qualys is a commercial vulnerability and web application scanner. It can be used to proactively locate, identify and assess vulnerabilities so that they can be prioritized and remediated before they are targeted and exploited by attackers.
Qualys Vulnerability Manager is a general purpose scanner which can be used to perform network-based scans. These scans can be performed from the Internet, or from internal-campus scanners.
Web Application Scanner
Qualys WAS focuses on web application vulnerabilities such as the industry standard Open Web Application Security Project (OWASP) Top 10 list to categorize the most critical risks faced by web apps. QualysGuard WAS finds these vulnerabilities – including SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF) and URL redirection.
If you'd like an account to use Qualys, please submit a HelpSU request. For network vulnerability scanning, be sure to include the IP address of your machine or the network that you manage. For web applications, please specify URLs, e.g., your_server_name.stanford.edu. You will be required to be listed as either the User or the Admin in NetDB for the respective addresses and/or servers.
If you already have an account, please log-in using the SAML SSO login page. Sign in using your SUNet ID.
Qualys is known for its excellent online training and support.
Only Actively Used Accounts
Qualys is a licensed service to Stanford; we'll pay for what we use. You're encouraged to use the service, but as part of our routine system hygiene, we'll be purging unused accounts after ninety days of non-use.