Qualys is a commercial vulnerability and web application scanner. It can be used to proactively locate, identify, and assess vulnerabilities so that they can be prioritized and corrected before they are targeted and exploited by attackers.
Qualys Vulnerability Manager is a general purpose scanner that can be used to perform network-based scans. These scans can be performed from the Internet, or from internal-campus scanners.
Qualys Web Application Scanner focuses on web application vulnerabilities, such as the industry standard Open Web Application Security Project Top 10 list to categorize the most critical risks faced by web apps. QualysGuard Web Application Scanner finds these vulnerabilities, including SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF) and URL redirection.
If you'd like an account to use Qualys, please submit a HelpSU request. For network vulnerability scanning, be sure to include the IP address of your machine or the network that you manage. For web applications, please specify URLs, e.g., your_server_name.stanford.edu. You will be required to be listed as either the User or the Admin in NetDB for the respective addresses and/or servers.
If you already have an account, please log in using the SAML SSO login page. Sign in using your SUNet ID.
Qualys is a licensed service to Stanford; we'll pay for what we use. You're encouraged to use the service, but as part of our routine system hygiene, we'll be purging unused accounts after 90 days of non-use.