Qualys Blog

www.qualys.com
18 posts

Qualys Cloud Platform 2.26 New Features

This release of the Qualys Cloud Platform version 2.26 includes updates and new features for Cloud Agent, AssetView, Security Assessment Questionnaire and Web Application Scanning as follows:

Continue reading …

PCI DSS v3.2 & Migrating from SSL and Early TLS v1.1

SSL & Early TLS vulnerabilities such as QID 38628 “SSL/TLS Server supports TLSv1.0”\ will be marked as a Fail for PCI as of May 1, 2017 in accordance with the PCI DSS v3.2.  For existing implementations, merchants will be able to submit a PCI False Positive / Exception Request and provide proof of their Risk Mitigation & Migration Plan, which will result in a pass for PCI until June 30, 2018.

Continue reading …

Forrester’s DeMartine Talks DevOps, IoT, Flawed Tools and Other AppSec Hot Topics

After speaking at Qualys’ recent webinar  “Aligning Web Application Security with DevOps and IoT Trends,” Forrester’s Amy DeMartine granted us this Q&A, where she revisits and offers keen insights on issues including IoT security challenges and DevOps’ benefits for secure app dev. DeMartine, a Principal Analyst focused on security and risk professionals, also discusses “red teaming” for cloud products, and identifies signs you need a new automated security analysis tool.

Continue reading …

A Comprehensive Approach to Detect and Block the Struts Critical Vulnerability CVE-2017-5638

With hackers taking advantage of the Apache Struts vulnerability and aggressively attacking enterprises worldwide, Qualys can protect your organization from this critical bug, which is hard to detect and difficult to patch.

Recently disclosed, the Struts vulnerability is being actively attacked in the wild, as hackers jump at the chance to hit high-profile targets by exploiting this critical bug. Struts, an Apache open source framework for creating “enterprise-ready” Java web applications, is abundantly present in large Internet companies, government agencies and financial institutions.

For an informative walkthrough of the vulnerability and the Qualys detections, please view the Detect and Block Apache Struts Bug webcast recording.

Continue reading …

Qualys Malware Detection 2.11 Time Zone Fix

The release of Qualys Malware Detection (MD) version 2.11 fixes the time zone feature and removes redundant time zones for easier MD scan scheduling capabilities.

Continue reading …

WAS 4.9 Introduces Global Exclusion Lists and Scan Comparison Feature

We are pleased to announce Qualys Web Application Scanning 4.9 (WAS) featuring customized global exclusion lists and enhanced reporting with a new, quick and easy scan comparison feature to help you meet your web application scanning needs and meet your business objectives even quicker.

Continue reading …

WAS 4.8 Features Vulnerability Retest Function and Finding Severity Customization

We are pleased to announce Qualys Web Application Scanning 4.8 (WAS) featuring quick and easy vulnerability retest functionality, without having to launch a full scan; and the ability to customize the severity of findings to meet your business needs.

Continue reading …

WAS 4.7 Adds Enhanced Support for Redundant Link Checks

We are pleased to announce Qualys Web Application Scanning 4.7 (WAS) featuring new and enhanced support for redundant and customizable link checks.

Continue reading …

WAS 4.6 Adds Option to Remove Unused Assets from Subscription when Deprovisioning

Previously when deprovisioning an asset in Qualys Web Application Scanning (WAS) and Web Application Firewall (WAF), we were not able to delete the main asset. This feature has now been added to Qualys WAS and WAF.

Continue reading …

Qualys WAS 4.6 Adds SmartScan

We are excited to announce Qualys Web Application Scanning 4.6 (WAS) featuring new SmartScan features. SmartScan allows for enhanced and advanced scanning of AJAX heavy web applications along with enhanced support for Single Page Applications (SPA) and also advanced frameworks such as AngularJS and bootstrap. We also are introducing enhanced support for Google Web Toolkit (GWT) and Direct Web Remoting (DWR) as well.

Continue reading …