Cloud security vendor Qualys has launched a new version of its web application scanning service, which the company claims will help organisations to comply with the European Union (EU) Cookie Directive.
Qualys said that one of the challenges with the new regulations for many organisations is identifying if a particular site or web application is using cookies that require the user’s consent.
Cookies are small sections of code that websites put on a user's computer so that they can remember something. They are used to enable websites to remember users’ preferences, but can also be used to track consumers’ browsing behaviour for targeted advertising purposes.
Most web application scanning solutions report the cookies that a web site is issuing via the Information Gathered QID 150028 test. However, this can lead to the inclusion of cookies that were issued after the user's explicit consent has been obtained.
This is because web application scanners typically follow all links, including those that are most commonly used to obtain user consent.
The new version of QualysGuard Web Application Scanning (WAS) uses a new test, QID 150099, which avoids the most common user consent techniques while gathering cookies from the website. This allows organisations to identify the cookies they are issuing without the user’s consent, including those issued by third parties.
The EU Cookie Directive is an amendment to the European Union’s Privacy and Electronic Communications Directive, and requires anyone running a website to get explicit opt-in consent from their visitors before deploying cookies.
The law came into force in the UK on 26 May, but a large number of major UK organisations across UK private and public sectors are still not compliant, despite risking heavy fines of up to £500,000.
“As this new law impacts any websites with European visitors, we are pleased to provide our customers with an easy-to-use solution to quickly assess their websites and provide an accurate list of the ones that store cookies so they can review and update to meet this new law,” said Philippe Courtot, chairman and CEO of Qualys.