Educause Security Discussion mailing list archives
Re: Qualys Express
From: Antonio Crespo <acrespo () BARNARD EDU>
Date: Mon, 13 Apr 2015 16:45:31 -0400
Hi Thomas,

Here are some quick comments -

In a previous role/organization about 3 years ago, we used QualysGuard Express, web application scanning, and their PCI ASV approved scanner for our external-facing services. We used it mostly for scanning Windows and Cisco devices. We didn't integrate the scanner with any services, but manually managed the findings in our existing ticketing system. We opted to install an appliance onsite that allowed us to scan internally as well. The IP management was strict due to their licensing, so any time that we wanted to change an IP address, we had to open a request to do so.

The express scanning was easy to use, receive alerts, or obtain reports; and the findings came with links/references to help people to understand the findings. Not a lot of false positives if you give it server credentials when scanning.

The web application scanner was new at the time and was very high level for an automated scanning tool, but we ran it daily. You could save credentials and it found some minor XSS and other items at that time, but I followed up regularly with manual testing for more thorough/complex testing and found issues.

The PCI scanning did its job for us, which was giving us an easy way to get a PCI approved scan to submit to our acquiring bank.

Please let me know if you have any specific questions or want more detail on anything above. I hope this helps.

--
Best Regards,
Antonio Crespo
Director, IT Security
Barnard College | Columbia University

On Mon, Apr 13, 2015 at 2:59 PM, Thomas Carter <tcarter () austincollege edu> wrote:
Is anyone using Qualys Express in their security environment? Opinions or other information that you can share about your experience with it?

Thomas Carter
Network and Operations Manager
Austin College
903-813-2564