All Posts

1 posts

Introducing Periscope: Out-of-Band Vulnerability Detection Mechanism in Qualys WAS

Web applications and REST APIs can be susceptible to a certain class of vulnerabilities that can’t be detected by a traditional HTTP request-response interaction.  These vulnerabilities are challenging to find but provide a way for attackers to target otherwise inaccessible, internal systems.  An attacker can potentially use this to their advantage.  Essentially, a vulnerable application (or API) can be used as a proxy for an attack against a separate internal application, a cloud service, or other protected system.

Continue reading …