Case Study: Cisco achieves on-time, secure and compliant web app delivery with Qualys WAS

Cisco Group Bakes Security into Web App Dev Process

Cisco’s Government Trust and Technology Services group at Cisco faced a broken, siloed web application lifecycle: developers worked with little security visibility and only handed apps to security at the end, producing late vulnerability discoveries, missed deadlines and gaps in compliance with standards like NIST and PCI. The team needed a more agile, collaborative and policy‑compliant process that caught risks earlier.

They embedded Qualys Web Application Scanning (WAS) into the SDLC—using APIs, training developers, running continuous scans on both COTS and custom apps, and driving risk assessments and new internal policies. The change created better communication and accountability, faster remediation, improved compliance, a reliable “source of truth” for app security, and on‑time, more secure and less costly deployments.

Cisco

Robert Martin

Senior Engineer - Information Security