Qualys Offers Free Access to Its Web Application Analysis Application to Help Organizations Quickly Find Log4Shell Vulnerabilities


Qualys, Inc. , a pioneer and leading provider of innovative cloud-based IT, security and compliance solutions, has announced that it is making its Web Application Scanning (WAS) solution available free for 30 days, to help businesses navigate protect against Log4Shell.

The Apache Log4Shell zero-day RCE vulnerability has raised alarm bells for businesses around the world, with US government officials calling it “one of the most serious flaws they have seen.” The vulnerability poses potential threats to almost any web application, with the list of known exploits growing daily.

The scanning capabilities of web applications are essential to detect these vulnerabilities as they simulate the attack of Log4Shell exploits. To help customers protect themselves against this threat, Qualys is making its WAS application, which scans web applications and APIs for the Log4Shell vulnerability (CVE-2021-44228), available for free for 30 days.

Qualys WAS enables precise detections of applications vulnerable to Log4Shell thanks to its advanced out-of-band detection mechanisms. To identify vulnerable sites, WAS uses specially designed payloads to simulate the same attack model used by malicious actors. Vulnerable sites are quickly and easily identified for remediation, shutting the door on attackers before they even know you are exposed.

“Log4Shell is the most alarming vulnerability we have seen in the past decade and helping the community tackle this unprecedented threat is at the forefront of our attention,” said Sumedh Thakar, President and CEO of Qualys. “Many organizations are scrambling to find ways to detect their exposure to Log4Shell. We hope that free access to our application along with the open source scripts we have released will help security teams quickly assess and secure their external web attack surface.

To sign up for the free 30-day WAS service, visit qualys.com/was-log4j-trial. For more information on using WAS to detect Log4Shell, read our blog, Is your web application exploitable by the Log4 Shell vulnerability?


Comments are closed.