Qualys Community

1063 posts

Mystery Magic Bytes From The Equation Leak

Days ago, a mysterious online group called Shadow Brokers claims to have stolen US “cyber weapons” from a hacking team called Equation Group.  These “cyber weapons” contain about a dozen vulnerabilities which are believed to be exploits used by the National Security Agency (NSA). In this blog, I will analyze the shellcode from the Cisco exploit and show its behind-the-scenes behavior.

Continue reading …

Qualys Cloud Platform 2.16 New Features

A new release of the Qualys Cloud Platform (AssetView 2.16, Cloud Agent Platform 1.7.0) includes several new features for AssetView, ThreatPROTECT and Cloud Agent.

Continue reading …

Equation Group Hack: Cisco ASA and FortiGate Vulnerabilities

cisco-asa-fortinet

By now you must have heard about the Equation group hack, Shadow Brokers, NSA ANT catalog and an entire gamut of information. Here I will update on what we have confirmed and how it affects your patching effort.

Continue reading …

Qualys Cloud Platform 2.15 New Features

A new release of the Qualys Cloud Platform (AssetView 2.15, Cloud Agent Platform 1.6.0) includes several new features for AssetView and support for additional operating systems for Cloud Agent.

The specific day for deployment will differ depending on the platform. Release Dates will be published on the Qualys Status page when available.

Continue reading …

Microsoft Patch Tuesday August 2016

Its August 2016 Patch Tuesday and Microsoft has released nine security bulletins that affect a host of components including desktop operating systems, browsers, fonts  and servers. Five updates are rated as critical while four are rated as important.

Continue reading …

WAS 4.9 Introduces Global Exclusion Lists and Scan Comparison Feature

We are pleased to announce Qualys Web Application Scanning 4.9 (WAS) featuring customized global exclusion lists and enhanced reporting with a new, quick and easy scan comparison feature to help you meet your web application scanning needs and meet your business objectives even quicker.

Continue reading …

Testing AJAX Applications with JSON Input for Vulnerabilities Using Qualys WAS

Qualys Web Application Scanning 4.9 has added the capability to run web app vulnerability scans on AJAX applications that use JSON input. Specifically, WAS 4.9 can test for SQL injection (SQLi), local file injection (LFI) and PHP command injection. Many web application scanners are capable of detecting SQL injection, LFI, PHP command injection and other vulnerabilities in web applications that use standard GET/POST requests, but they fail to find the same in applications that use JSON input in POST data. To analyze and detect vulnerability in JSON requests, WAS 4.9 added the capability to execute some AJAX scripts in automatic scanning without manual intervention. This capability relies on the SmartScan feature, which customers need to enable in their subscriptions.

Continue reading …

TLS Version Intolerance in SSL Pulse

You often hear that TLS is the most important security protocol. Usually, the reasoning is that it’s very widely deployed and also that it works for many higher-level protocols. That’s certainly true, but for those who work more closely with these protocols there is another important aspect: we can learn so much about protocol design by carefully examining the evolution of TLS.

Continue reading …

Handling Cross-Site Scripting As Attacks Get More Sophisticated

Adopting third-party libraries to encode user input in the development phase and using a web application firewall in the deployment phase could fool web security managers into thinking their web applications are completely safe from Cross-Site Scripting (XSS) attacks. While it’s a good idea to employ these techniques, the illusion of safety could prove costly. These protection methods do not guarantee that your web applications are 100% free of XSS vulnerabilities, and XSS attacks that use more sophisticated techniques still occur, so care should still be taken.

Continue reading …