Case Study: Microsoft Corporation reins in global web application security risk with Qualys (QualysGuard WAS)

Reigning in Global Web Application Security Risk

Microsoft’s Information Security & Risk Management (ISRM) team is responsible for assessing the security of thousands of web applications used by subsidiaries worldwide. Faced with rapidly developed and often short‑lived third‑party apps, the team needed a scalable, automated way to evaluate many applications quickly with high accuracy, low false positives, and actionable reporting.

After testing leading tools on roughly 200 apps, ISRM selected QualysGuard Web Application Scanning (WAS). Built on a cloud platform, QualysGuard WAS provided high‑volume scanning without extra licenses, an intuitive workflow, low false‑positive rates, and detailed reports. Today hundreds of subsidiary apps are scanned annually, improving Microsoft’s web application security posture and enabling plans to expand self‑service assessments via the Qualys API.

Microsoft Corporation

Ahmad Mahdi

ISRM Manager