Qualys Blog

RSA Conference 2017 Highlights: Qualys Cloud Platform Expansions

Update March 2: Watch videos of customer best practice presentations and Qualys product demonstrations, plus see special guest Kevin Mitnick on How to Be Safe in the Age of Big Brother and Big Data. Recorded live in the Qualys booth.

At RSA Conference USA 2017 in San Francisco, Qualys unveiled major expansions of its Cloud Platform that add new value to the unprecedented 2-second visibility of IT assets that we deliver to customers, and help organizations consolidate control of their security operations into a single-pane, cloud-based dashboard.

Here are the key announcements you should know about:

Call For Customer Presentations at RSA Conference 2016!

Tell your security story to your peers at RSA Conference 2016 San Francisco!

Qualys is looking for customers excited to talk about security, best practices and case studies that use Qualys technologies. Take the stage in the Qualys booth to share your experience with RSA Conference attendees two or three times total during exhibit hall hours on March 1, 2, or 3.

If you would like to be considered as a presenter, please send a title and short abstract for a 20-30 minute presentation to Victoria Venturi at vventuri@qualys.com. The call for presenters is open until January 29, 2016.

RSA Conference 2016 is held at Moscone Convention Center in San Francisco. Qualys will provide accepted presenters with a full conference pass, and pay your airfare and hotel expenses for the conference.

SSL News Roundup

Here’s a summary of this week’s SSL news, in case you missed any of it:

SSL Labs API Available

Qualys SSL Labs now includes free assessment APIs, accompanied by a free open source tool that can be used for bulk and automated testing of websites. These APIs and tool are already being used to consolidate testing of websites, detect changes in results and get notifications when certificates expire. And we continue to see public reports of poor SSL configurations, with the goal of motivating companies to improve their security. Here’s an article from eWeek.

Call for Customer Presenters in Qualys Booth at RSA Conference 2015

Are you a Qualys customer with an interesting story to tell about how Qualys has helped your organization improve its security posture?

If yes, we would love to have you speak in the Qualys Booth at RSA Conference 2015 in San Francisco, April 20-24, 2015.

Gartner Security & Risk Management Summit

The lineup of sessions at Gartner Security & Risk Management Summit includes three presentations from Qualys. We are excited to participate in the conference, and look forward to seeing you!

Welcome to the New and Improved Qualys Community

Qualys Community just got upgraded!

You’re seeing the new, cleaner design with full-width content that makes it easier to find answers to your questions and to connect with your IT security peers.

Read on to learn how to get the most out of your Qualys Community experience:

And of course, please ask if you have questions or feedback or suggestions. The Qualys Community team wants to make Qualys Community as helpful and seamless for you as possible.

Qualys at RSA Conference 2014

To help keep track of what happened at RSA Conference 2014, here’s a quick list of Qualys' activities over the week:

Conference Events

New Blog Posts from Qualys Community

SSL Labs: Testing for Apple’s TLS Authentication Bug: Updates to SSL Labs let you test for this newly-discovered (and now patched) bug.

MediaWiki DjVu and PDF File Upload Remote Code Execution Vulnerability: Deep-dive into only the third remote code execution vulnerability ever found to affect the MediaWiki platform.

Announcements

QualysGuard Continuous Monitoring enables customers to continuously monitor mission-critical assets throughout their perimeter and immediately get alerted to anomalies that could expose them to cyber attacks.

QualysGuard Web Application Firewall offers rapid deployment of robust security for web applications with minimal cost of ownership, and is constantly updated with new rules to keep up with application updates and newly emerging threats.

Top 4 Security Controls helps organizations quickly determine if the PCs in their environments have properly implemented the Top 4 Critical Security Controls, which the Council on CyberSecurity estimates can help companies prevent 85% of cyber-attacks. The Top 4 Security Controls are released in collaboration with the SANS Institute and the Council on CyberSecurity.

2014 SC Magazine Awards

Partnerships

  • Risk I/O: For businesses that need to understand the vulnerability and threat risks of their organization’s perimeter in real-time, the new integration enables them to sync their vulnerability data with Risk I/O’s threat processing engine, allowing organizations to gain visibility into their most likely vector for a breach.
  • AlgoSec Partners: The integration provides visibility into the risk levels of data center applications, enabling IT and security teams to effectively communicate with business stakeholders so they can “own their risk” by quickly taking the actions needed to mitigate IT security issues.

Top 13 of ’13: Qualys Community

It’s time for the Top 13 of '13 — the most popular and most viewed blog posts, discussions, new product features, technical documents and videos that were contributed, read, updated, and commented on in 2013 by the Qualys Community of security professionals.

Many thanks to all the Qualys Community members and site visitors for building out the reference library and active conversations that comprise Qualys Community!

Top 10 of 2012 from Qualys Community

Here are the most popular and most viewed blog posts, discussions, new product features, technical documents and videos that were contributed, read, updated, and commented on in 2012 by the Qualys Community of security professionals.

Many thanks to all the Qualys Community members and site visitors for building out the reference library and active conversations that comprise Qualys Community!

Top 10 Blog Posts

  1. Mitigating the BEAST attack on TLS
  2. Lessons Learned from Cracking 2 Million LinkedIn Passwords
  3. Are you ready for slow reading?
  4. TLS Renegotiation and Denial of Service Attacks
  5. CRIME: Information Leakage Attack against SSL/TLS
  6. How I Knocked Down 30 Servers from One Laptop
  7. Protocol-Level Evasion of Web Application Firewalls
  8. Passing the Internal Scan for PCI DSS 2.0
  9. Android Security Evaluation Framework: ASEF
  10. New Java 0-Day Disclosed

See the most current blog posts.

Top 10 Discussion Threads

  1. How to enable TLS 1.1 & 1.2 on OpenSSL & SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Vulnerability
  2. PCI Failure for CVE-2011-3389 (BEAST Attack) & BEAST vulnerability detection
  3. ssllabs.com’s own Apache SSL Config Directives
  4. Web Server Vulnerable to Redirection Page Cross-Site Scripting Attacks
  5. How to create a Linux user
  6. Hidden RPC services error
  7. Anybody notice an uptick in "NetBIOS Shared Folder List Available" vulnerability?
  8. FIPS-Ready checks
  9. FTP
  10. Mitigating WAS QID 150085 Slow HTTP POST Vulnerability on Apache

See the most current discussion threads.

New Product Features in 2012

  1. QualysGuard 7.7
  2. Introducing QualysGuard Dynamic Asset Tagging and Management
  3. QualysGuard 7.6
  4. QualysGuard 7.5
  5. QualysGuard 7.4
  6. QualysGuard 7.3
  7. QualysGuard 7.2
  8. QualysGuard 7.1
  9. QualysGuard 7.0
  10. QualysGuard WAS 2.4
  11. QualysGuard WAS 2.3.2
  12. QualysGuard WAS 2.3.1
  13. QualysGuard WAS 2.3
  14. QualysGuard MDS Enterprise Edition 2.1
  15. Automatic Scanning is now part of BrowserCheck Business Edition
  16. Safe Browsing with Qualys BrowserCheck

Top 10 Technical Documents

  1. BrowserCheck FAQ
  2. QID 90780 FAQ: Microsoft ASP.NET ValidateRequest Filters Bypass Cross-Site Scripting Vulnerability
  3. Reference: QualysGuard Virtual Scanner Appliance
  4. Verify QID 38140 – SSL Server Supports Weak Encryption Vulnerability
  5. QualysGuard API Sample Code
  6. How is QID 38142 – SSL Server Allows Anonymous Authentication Vulnerability detected?
  7. How does vulnerability scanning work?
  8. How does UDP port scanning and service detection work?
  9. How does QualysGuard mapping work?
  10. UPDATE: QID 38171 “SSL Certificate – Server Public Key less than 2048 bit”
  11. Bonus document: QualysGuard Virtual Scanner Appliance: Platform Qualification Matrix

See LOTS MORE support articles and how-to’s in the Help Center.

Top 5 Videos

  1. QualysGuard Vulnerability Management Video Series
  2. QualysGuard Policy Compliance Video Series
  3. QualysGuard Web Application Scanning Video Series
  4. QualysGuard Malware Detection Service Enterprise Edition Video Series
  5. Best Practice Videos

Qualys wishes you a happy, productive, and secure 2013!