Qualys Blog

16 posts

Forrester’s DeMartine Talks DevOps, IoT, Flawed Tools and Other AppSec Hot Topics

After speaking at Qualys’ recent webinar “Aligning Web Application Security with DevOps and IoT Trends,” Forrester’s Amy DeMartine granted us this Q&A, where she revisits and offers keen insights on issues including IoT security challenges and DevOps’ benefits for secure app dev. DeMartine, a Principal Analyst focused on security and risk professionals, also discusses “red teaming” for cloud products, and identifies signs you need a new automated security analysis tool.


A Comprehensive Approach to Detect and Block the Struts Critical Vulnerability CVE-2017-5638

With hackers taking advantage of the Apache Struts vulnerability and aggressively attacking enterprises worldwide, Qualys can protect your organization from this critical bug, which is hard to detect and difficult to patch.

Recently disclosed, the Struts vulnerability is being actively attacked in the wild, as hackers jump at the chance to hit high-profile targets by exploiting this critical bug. Struts, an Apache open source framework for creating “enterprise-ready” Java web applications, is abundantly present in large Internet companies, government agencies and financial institutions.

For an informative walkthrough of the vulnerability and the Qualys detections, please view the Detect and Block Apache Struts Bug webcast recording.


Qualys Malware Detection 2.11 Time Zone Fix

The release of Qualys Malware Detection (MD) version 2.11 fixes the time zone feature and removes redundant time zones for easier MD scan scheduling.


WAS 4.9 Introduces Global Exclusion Lists and Scan Comparison Feature

We are pleased to announce Qualys Web Application Scanning 4.9 (WAS) featuring customized global exclusion lists and enhanced reporting with a new, quick and easy scan comparison feature to help you meet your web application scanning needs and business objectives even quicker.


WAS 4.8 Features Vulnerability Retest Function and Finding Severity Customization

We are pleased to announce Qualys Web Application Scanning 4.8 (WAS) featuring quick and easy vulnerability retest functionality, without having to launch a full scan, and the ability to customize the severity of findings to meet your business needs.


WAS 4.7 Adds Enhanced Support for Redundant Link Checks

We are pleased to announce Qualys Web Application Scanning 4.7 (WAS) featuring new and enhanced support for redundant and customizable link checks.


WAS 4.6 Adds Option to Remove Unused Assets from Subscription when Deprovisioning

Previously when deprovisioning an asset in Qualys Web Application Scanning (WAS) and Web Application Firewall (WAF), we were not able to delete the main asset. This feature has now been added to Qualys WAS and WAF.


Qualys WAS 4.6 Adds SmartScan

We are excited to announce Qualys Web Application Scanning 4.6 (WAS) featuring new SmartScan features. SmartScan allows for enhanced and advanced scanning of AJAX-heavy web applications, along with enhanced support for Single Page Applications (SPA) and advanced frameworks such as AngularJS and Bootstrap. We are also introducing enhanced support for Google Web Toolkit (GWT) and Direct Web Remoting (DWR).


Qualys WAS 4.5 New Features

As a follow-up to our recent major release Qualys Web Application Scanning (WAS) 4.3 and our last release of WAS 4.4, we have added a few new features, tweaks and clarifications in WAS 4.5 to allow further optimizations of scans as well as deliver some optimizations to Progressive Scanning in particular. Customers can also now receive more comprehensive CSV reporting on their scans. This allows customers to continue to deliver targeted web application security metrics to all the stakeholders while ensuring that a successful web application security program meets all of the organization's protection demands.


Qualys MD 2.8 New Features

Qualys Malware Detection (MD) provides detailed malware infection reports, along with the infected code, for remediation on your web applications. The new Qualys MD 2.8 release now allows customers the flexibility of having scans run hourly!
