Qualys Blog

www.qualys.com
2 posts

Bugcrowd Integration Now Available in Qualys Web Application Scanning

The new version of Qualys Web Application Scanning, WAS 5.7, adds an integration with Bugcrowd for centralized viewing and triaging of both WAS automated vulnerability detections and vulnerabilities submitted by Bugcrowd’s approved security researchers.

Continue reading …

Cross-Site Request Forgery: What Happened to the Sleeping Giant?

A decade ago, cross-site request forgery (CSRF, often pronounced “c-surf”) was consideredCSRF to be a sleeping giant, preparing to wake and inflict havoc on the Worldwide Web.  But the doomsday scenario never materialized and you don’t even seem to hear much about it anymore.  In this blog post, part 1 of 2, I will explore this idea and try to understand why the CSRF giant never awoke.  First we’ll cover the overall threat landscape, trends, and some notable CSRF exploits throughout the years, including one from personal experience.

Continue reading …