To help businesses guard against Log4Shell, Qualys, Inc. has made its Web Application Scanning (WAS) solution available for free for 30 days.
“Log4Shell is the most alarming vulnerability we’ve seen in the last decade and helping the community battle this unprecedented threat is at the forefront of our focus,” said Sumedh Thakar, president and CEO of Qualys.
He added, “Many organizations are scrambling to find ways to detect their exposure to Log4Shell. We hope the free access to our app along with the open-source scripts we released will help security teams rapidly assess and secure their external web attack surface.”
The zero-day RCE vulnerability in Apache Log4Shell has sparked widespread concern, with US government authorities calling it “one of the most dangerous problems they’ve seen.” With the number of known attacks growing regularly, the vulnerability poses a threat to practically any web application.
Web Application Scanning capabilities are critical for detecting these flaws because they mimic the approach of Log4Shell exploits. Qualys is offering its WAS app, which scans web apps and APIs for the Log4Shell (CVE-2021-44228) vulnerability, free for 30 days to help customers protect themselves from this threat.
Through its powerful out-of-band detection algorithms, Qualys WAS accurately detects apps vulnerable to Log4Shell. WAS employs specially created payloads to imitate the attack method used by hostile actors to locate susceptible sites. Vulnerable sites are rapidly and readily detected for cleanup, effectively shutting off attackers before they ever realise you’re vulnerable.