Qualys ups security automation with a bit of Swagger

Cloud security firm Qualys, like every vendor today, is pushing the automation mantra.

The company’s Web Application Scanning (WAS) 6.0 now supports Swagger version 2.0 to allow developers to streamline [security] assessments of REST APIs and get visibility of the security posture of mobile application backends and Internet of Things (IoT) services.

NOTE: Swagger is an open source software framework backed by a considerable ecosystem of tools that helps developers design, build, document and consume RESTful web services.

As noted here, RESTful web services are built to work best on the web.

Representational State Transfer (REST) is an architectural style that specifies constraints, such as the uniform interface, that if applied to a web service induce desirable properties, such as performance, scalability and modifiability, that enable services to work best on the web.

Additionally (in terms of the Qualys news), a new native plugin for Jenkins delivers automated vulnerability scanning of web applications for teams using this Continuous Integration/Continuous Delivery (CI/CD) tool.

“As companies move their internal apps to the cloud and embrace new technologies, web app security must be integrated into the DevOps process to safeguard data and prevent breaches,” said Philippe Courtot, chairman and CEO, Qualys, Inc. “Qualys is helping customers streamline and automate their DevSecOps through continuous visibility of security and compliance across their applications and REST APIs. With the latest WAS features, customers now can make web application security an integral part of their DevOps processes, avoiding costly security issues in production.”

In tandem with all of the above, developers (and their DevOps compatriots) can now leverage Qualys Browser Recorder, a free Google Chrome browser extension, to review scripts for navigating through complex authentication and business workflows in web applications.

Qualys also launched a new free tool – CertView – to make it easier for developers to create and manage an inventory for their certificates.

Join the conversation



Following the trend of privacy and security in public clouds, Zadara Storage offers a storage service at Amazon AWS, Dimension Data and Equinix, where each customer gets their own private drives and storage controllers. Each customer has full control of the storage as they would have in their own SAN/NAS storage in the data center.

Kenneth White is right. Enterprises are being underserved when it comes to security and governance controls in the cloud. It is critical, after all, to be able to provision regulatory-grade compliant systems. The best approach is an extensible policy engine that provides fine-grain cloud governance controls to effectively manage security and regulatory risk in the organization. For more thoughts on cloud governance: https://searchcloudprovider.techtarget.com/tip/Promote-cloud-adoption-with-extensible-policy-driven-cloud-governance
- Derick Townsend, VP Product Marketing, ServiceMesh

I get the idea of having virtual private clouds, but when I look at how much administrative cost may be there, I wonder if many companies will soon look to offload those responsibilities that heretofore have not done so.