Qualys Blog

Update March 2: Watch videos of customer best practice presentations and Qualys product demonstrations, plus see special guest Kevin Mitnick on How to Be Safe in the Age of Big Brother and Big Data. Recorded live in the Qualys booth.

At RSA Conference USA 2017 in San Francisco, Qualys unveiled major expansions of its Cloud Platform that add new value to the unprecedented 2-second visibility of IT assets that we deliver to customers, and help organizations consolidate control of their security operations into a single-pane, cloud-based dashboard.

Here are the key announcements you should know about:

Continue reading …

Tell your security story to your peers at RSA Conference 2016 San Francisco!

Qualys is looking for customers excited to talk on security, best practices and case studies leveraging the use of Qualys technologies. Take the stage in the Qualys booth to share your experience with RSA Conference attendees two or three times total during exhibit hall hours on March 1, 2, or 3.

If you would like to be considered as a presenter, please send a title and short abstract for a 20-30 minute presentation to Victoria Venturi at vventuri@qualys.com. The call for presenters is open until January 29, 2016.

RSA Conference 2016 is held at Moscone Convention Center in San Francisco. Qualys will provide accepted presenters with a full conference pass, and pay your airfare and hotel expenses for the conference.

Here’s a summary of this week’s SSL news, in case you missed any of it:

SSL Labs API Available

Qualys SSL Labs now includes free assessment APIs, accompanied by a free open source tool that can be used for bulk and automated testing of websites. These APIs and tool are already being used to consolidate testing of websites, detect changes in results and get notifications when certificates expire. And we continue to see public reports of poor SSL configurations, with the goal of motivating companies to improve their security. Here’s an article from eWeek.

Continue reading …

Are you a Qualys customer with an interesting story to tell about how Qualys has helped your organization improve its security posture?

If yes, we would love to have you speak in the Qualys Booth at RSA Conference 2015 in San Francisco, April 20-24, 2015.

Continue reading …

The lineup of sessions at Gartner Security & Risk Management Summit includes three presentations from Qualys. We are excited to participate in the conference, and look forward to seeing you!

Continue reading …

Qualys Community just got upgraded!

You’re seeing the new, cleaner design with full-width content that makes it easier to find answers to your questions and to connect with your IT security peers.

Read on to learn how to get the most out of your Qualys Community experience:

• Easier Navigation
• Mobile Access
• Search
• Subscriptions

And of course, please ask if you have questions or feedback or suggestions. The Qualys Community team wants to make Qualys Community as helpful and seamless for you as possible.

Continue reading …

To help keep track of what happened at RSA Conference 2014, here’s a quick list of Qualys' activities over the week:

Conference Events

Qualys CEO keynote: View Philippe Courtot’s keynote presentation on-demand. Automating the 20 Critical Security Controls: Download the slides from Wolfgang Kandek’s RSA Conference session. Book Signings: Cybersecurity and Cyberwar with authors P.W. Singer and Allan Friedman Fatal System Error with author and Reuters journalist Joseph Menn Anti-Hacker Tool Kit, Fourth Edition with author Mike Shema

Customer Reception

New Blog Posts from Qualys Community

SSL Labs: Testing for Apple’s TLS Authentication Bug: Updates to SSL Labs let you test for this newly-discovered (and now patched) bug.

MediaWiki DjVu and PDF File Upload Remote Code Execution Vulnerability: Deep-dive into only the third remote code execution vulnerability ever found to affect the MediaWiki platform.

Announcements

QualysGuard Continuous Monitoring enables customers to continuously monitor mission-critical assets throughout their perimeter and immediately get alerted to anomalies that could expose them to cyber attacks.

• Sign up for the beta.
• Read the announcement.

QualysGuard Web Application Firewall offers rapid deployment of robust security for web applications with minimal cost of ownership, and is constantly updated with new rules to keep up with application updates and newly emerging threats.

• Sign up for a free trial.
• View the features overview.
• Read the announcement and blog post.

Top 4 Security Controls helps organizations quickly determine if the PCs in their environments have properly implemented the Top 4 Critical Security Controls, which the Council on CyberSecurity estimates can help companies prevent 85% of cyber-attacks. The Top 4 Security Controls are released in collaboration with the SANS Institute and the Council on CyberSecurity.

• Sign up for Top 4 Security Controls.
• Read the announcement.

2014 SC Magazine Awards

• Qualys named Best Security Company.

Partnerships

• Risk I/O: For businesses that need to understand the vulnerability and threat risks of their organization’s perimeter in real-time, the new integration enables them to sync their vulnerability data with Risk I/O’s threat processing engine, allowing organizations to gain visibility into their most likely vector for a breach.
• AlgoSec Partners: The integration provides visibility into the risk levels of data center applications, enabling IT and security teams to effectively communicate with business stakeholders so they can “own their risk” by quickly taking the actions needed to mitigate IT security issues.

It’s time for the Top 13 of '13 — the most popular and most viewed blog posts, discussions, new product features, technical documents and videos that were contributed, read, updated, and commented on in 2013 by the Qualys Community of security professionals.

Many thanks to all the Qualys Community members and site visitors for building out the reference library and active conversations that comprise Qualys Community!

Continue reading …

Watch Philippe Courtot’s keynote at RSA Conference 2013: The Hyperconnected World of Intelligent Devices

Here are the most popular and most viewed blog posts, discussions, new product features, technical documents and videos that were contributed, read, updated, and commented on in 2012 by the Qualys Community of security professionals.

Many thanks to all the Qualys Community members and site visitors for building out the reference library and active conversations that comprise Qualys Community!

Top 10 Blog Posts

1. Mitigating the BEAST attack on TLS
2. Lessons Learned from Cracking 2 Million LinkedIn Passwords
3. Are you ready for slow reading?
4. TLS Renegotiation and Denial of Service Attacks
5. CRIME: Information Leakage Attack against SSL/TLS
6. How I Knocked Down 30 Servers from One Laptop
7. Protocol-Level Evasion of Web Application Firewalls
8. Passing the Internal Scan for PCI DSS 2.0
9. Android Security Evaluation Framework: ASEF
10. New Java 0-Day Disclosed

See the most current blog posts.

Top 10 Discussion Threads

1. How to enable TLS 1.1 & 1.2 on OpenSSL & SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Vulnerability
2. PCI Failure for CVE-2011-3389 (BEAST Attack) & BEAST vulnerability detection
3. ssllabs.com’s own Apache SSL Config Directives
4. Web Server Vulnerable to Redirection Page Cross-Site Scripting Attacks
5. How to create a Linux user
6. Hidden RPC services error
7. Anybody notice an uptick in "NetBIOS Shared Folder List Available" vulnerability?
8. FIPS-Ready checks
9. FTP
10. Mitigating WAS QID 150085 Slow HTTP POST Vulnerability on Apache

See the most current discussion threads.

New Product Features in 2012

1. QualysGuard 7.7
2. Introducing QualysGuard Dynamic Asset Tagging and Management
3. QualysGuard 7.6
4. QualysGuard 7.5
5. QualysGuard 7.4
6. QualysGuard 7.3
7. QualysGuard 7.2
8. QualysGuard 7.1
9. QualysGuard 7.0
10. QualysGuard WAS 2.4
11. QualysGuard WAS 2.3.2
12. QualysGuard WAS 2.3.1
13. QualysGuard WAS 2.3
14. QualysGuard MDS Enterprise Edition 2.1
15. Automatic Scanning is now part of BrowserCheck Business Edition
16. Safe Browsing with Qualys BrowserCheck

Top 10 Technical Documents

1. BrowserCheck FAQ
2. QID 90780 FAQ: Microsoft ASP.NET ValidateRequest Filters Bypass Cross-Site Scripting Vulnerability
3. Reference: QualysGuard Virtual Scanner Appliance
4. Verify QID 38140 – SSL Server Supports Weak Encryption Vulnerability
5. QualysGuard API Sample Code
6. How is QID 38142 – SSL Server Allows Anonymous Authentication Vulnerability detected?
7. How does vulnerability scanning work?
8. How does UDP port scanning and service detection work?
9. How does QualysGuard mapping work?
10. UPDATE: QID 38171 “SSL Certificate – Server Public Key less than 2048 bit”
11. Bonus document: QualysGuard Virtual Scanner Appliance: Platform Qualification Matrix

See LOTS MORE support articles and how-to’s in the Help Center.

Top 5 Videos

1. QualysGuard Vulnerability Management Video Series
2. QualysGuard Policy Compliance Video Series
3. QualysGuard Web Application Scanning Video Series
4. QualysGuard Malware Detection Service Enterprise Edition Video Series
5. Best Practice Videos

Qualys wishes you a happy, productive, and secure 2013!