This release of the Qualys Cloud Platform version 2.26 includes updates and new features for Cloud Agent, AssetView, Security Assessment Questionnaire and Web Application Scanning as follows:
SSL & Early TLS vulnerabilities such as QID 38628 “SSL/TLS Server supports TLSv1.0”\ will be marked as a Fail for PCI as of May 1, 2017 in accordance with the PCI DSS v3.2. For existing implementations, merchants will be able to submit a PCI False Positive / Exception Request and provide proof of their Risk Mitigation & Migration Plan, which will result in a pass for PCI until June 30, 2018.
After speaking at Qualys’ recent webinar “Aligning Web Application Security with DevOps and IoT Trends,” Forrester’s Amy DeMartine granted us this Q&A, where she revisits and offers keen insights on issues including IoT security challenges and DevOps’ benefits for secure app dev. DeMartine, a Principal Analyst focused on security and risk professionals, also discusses “red teaming” for cloud products, and identifies signs you need a new automated security analysis tool.
With hackers taking advantage of the Apache Struts vulnerability and aggressively attacking enterprises worldwide, Qualys can protect your organization from this critical bug, which is hard to detect and difficult to patch.
Recently disclosed, the Struts vulnerability is being actively attacked in the wild, as hackers jump at the chance to hit high-profile targets by exploiting this critical bug. Struts, an Apache open source framework for creating “enterprise-ready” Java web applications, is abundantly present in large Internet companies, government agencies and financial institutions.
For an informative walkthrough of the vulnerability and the Qualys detections, please view the Detect and Block Apache Struts Bug webcast recording.
We are pleased to announce Qualys Web Application Scanning 4.9 (WAS) featuring customized global exclusion lists and enhanced reporting with a new, quick and easy scan comparison feature to help you meet your web application scanning needs and meet your business objectives even quicker.
We are excited to announce Qualys Web Application Scanning (WAS) 4.6, featuring the new SmartScan feature. SmartScan allows for better crawling and scanning of AJAX-heavy web applications along with enhanced support for Single Page Applications (SPAs) and modern frameworks such as AngularJS and Bootstrap. We are introducing enhanced support for Google Web Toolkit (GWT) and Direct Web Remoting (DWR) as well.