Qualys Unveils AI-Powered API Security and Web Application Scanning

Qualys, a provider of cloud-based security and compliance solutions, has announced the launch of its AI-powered Web Application Scanning (WAS) with advanced API security features. This new platform is designed to secure web applications and APIs across various attack surfaces, including on-premises servers, databases, hybrid and multi-cloud environments, containerized architectures, and microservices.

APIs have become a crucial component in digital transformation initiatives, accounting for over 83% of web traffic. This widespread adoption underscores the importance of robust security measures to protect against potential vulnerabilities. Kunal Modasiya, Vice President of Product Management at Qualys, highlighted the challenges organizations face with traditional security tools, stating that many companies use isolated solutions like SAST, DAST, and SCA. These tools often fail to provide a unified view of the application security posture, resulting in gaps in coverage and uncoordinated security efforts.

The Qualys API security platform offers comprehensive API discovery and inventory management, identifying and cataloging all APIs within an organization’s network, including internal, external, undocumented, rogue, and shadow APIs. The platform continuously updates this inventory, preventing unauthorized access points. Additionally, Qualys provides extensive API vulnerability testing using over 200 prebuilt signatures, including issues from the OWASP API Top 10. The use of AI and deep learning enhances the efficiency of vulnerability detection, achieving a 96% detection rate with an 80% reduction in scan time.

Qualys also emphasizes compliance monitoring, ensuring APIs adhere to industry standards such as PCI-DSS, GDPR, and HIPAA. The platform’s TruRisk™ scoring system helps prioritize vulnerabilities based on factors like severity, exploitability, and business impact, focusing on the most critical threats first. Furthermore, Qualys integrates with CI/CD tools and IT ticketing systems, supporting both shift-left and shift-right security practices, and fostering better collaboration between IT and security teams.

Kunal Modasiya added that Qualys API Security provides a comprehensive view of an organization’s API landscape, enabling effective management of API risks. This unified approach is essential for securing APIs in modern digital infrastructures.

Qualys is known for its innovative cloud-based security solutions, offering tools for vulnerability management, compliance monitoring, and web application security. The company’s commitment to sustainability and its focus on ESG considerations, including reducing its carbon footprint and promoting diversity, further enhance its leadership position in the cybersecurity industry.

With the launch of its AI-powered WAS and API security platform, Qualys continues to provide cutting-edge solutions that help businesses protect their digital assets and support their digital transformation efforts.