Here are the most popular and most viewed blog posts, discussions, new product features, technical documents and videos that were contributed, read, updated, and commented on in 2012 by the Qualys Community of security professionals.
Many thanks to all the Qualys Community members and site visitors for building out the reference library and active conversations that comprise Qualys Community!
Top 10 Blog Posts
- Mitigating the BEAST attack on TLS
- Lessons Learned from Cracking 2 Million LinkedIn Passwords
- Are you ready for slow reading?
- TLS Renegotiation and Denial of Service Attacks
- CRIME: Information Leakage Attack against SSL/TLS
- How I Knocked Down 30 Servers from One Laptop
- Protocol-Level Evasion of Web Application Firewalls
- Passing the Internal Scan for PCI DSS 2.0
- Android Security Evaluation Framework: ASEF
- New Java 0-Day Disclosed
See the most current blog posts.
Top 10 Discussion Threads
- How to enable TLS 1.1 & 1.2 on OpenSSL & SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Vulnerability
- PCI Failure for CVE-2011-3389 (BEAST Attack) & BEAST vulnerability detection
- ssllabs.com’s own Apache SSL Config Directives
- Web Server Vulnerable to Redirection Page Cross-Site Scripting Attacks
- How to create a Linux user
- Hidden RPC services error
- Anybody notice an uptick in "NetBIOS Shared Folder List Available" vulnerability?
- FIPS-Ready checks
- Mitigating WAS QID 150085 Slow HTTP POST Vulnerability on Apache
See the most current discussion threads.
New Product Features in 2012
- QualysGuard 7.7
- Introducing QualysGuard Dynamic Asset Tagging and Management
- QualysGuard 7.6
- QualysGuard 7.5
- QualysGuard 7.4
- QualysGuard 7.3
- QualysGuard 7.2
- QualysGuard 7.1
- QualysGuard 7.0
- QualysGuard WAS 2.4
- QualysGuard WAS 2.3.2
- QualysGuard WAS 2.3.1
- QualysGuard WAS 2.3
- QualysGuard MDS Enterprise Edition 2.1
- Automatic Scanning is now part of BrowserCheck Business Edition
- Safe Browsing with Qualys BrowserCheck
Top 10 Technical Documents
- BrowserCheck FAQ
- QID 90780 FAQ: Microsoft ASP.NET ValidateRequest Filters Bypass Cross-Site Scripting Vulnerability
- Reference: QualysGuard Virtual Scanner Appliance
- Verify QID 38140 – SSL Server Supports Weak Encryption Vulnerability
- QualysGuard API Sample Code
- How is QID 38142 – SSL Server Allows Anonymous Authentication Vulnerability detected?
- How does vulnerability scanning work?
- How does UDP port scanning and service detection work?
- How does QualysGuard mapping work?
- UPDATE: QID 38171 “SSL Certificate – Server Public Key less than 2048 bit”
- Bonus document: QualysGuard Virtual Scanner Appliance: Platform Qualification Matrix
See LOTS MORE support articles and how-to’s in the Help Center.
Top 5 Videos
- QualysGuard Vulnerability Management Video Series
- QualysGuard Policy Compliance Video Series
- QualysGuard Web Application Scanning Video Series
- QualysGuard Malware Detection Service Enterprise Edition Video Series
- Best Practice Videos
Qualys wishes you a happy, productive, and secure 2013!
Brian Krebs, Journalist
Wolfgang Kandek, CTO, Qualys
Rodrigo Branco, Researcher, Qualys
Rich Mogull, Analyst & CEO, SECUROSIS
Gunter Ollman, CTO, Damballa
Andy Bonillo, Principal, Investigative Response, Verizon
September 29, 2011, at Qualys Security Conference 2011, San Francisco
- What is APT?
- What makes APTs successful when they’re successful?
- Are so-called APTs executed via vulnerabilities that should have been patched?
- Good system administration is the baseline defense.
- How does any organization protect itself against the most sophisticated attacks?
- Do organizations have the ability to know how long they have been pwned?
- TCP: total cost of pwnage.
- Dynamics of the APT ecosystem.
- Best practices for securing systems.
- What happens when organizations fail to detect APTs?
- What can we do to make things better?
- Are you hopeful the community will share information?
- Q&A: What should we look for in log files?
- Q&A: What is the panel's opinion on virtual patching?
- Q&A: What is the impact of the increase in mobile devices?
58 minutes, 32 seconds
Sometimes it’s the little things that make your day run more smoothly. The release of QualysGuard 6.19 includes highly focused new features that add functionality for Windows systems. Also, an update to the Qualys KnowledgeBase identifies vulnerabilities that can be attacked via exploit kits, helping organizations prioritize their patching efforts and protect against attacks that abuse those vulnerabilities through exploit kits.
Windows Share Enumeration: Find Windows shares that are readable by everyone, and report details like the number of files in the share and whether the files are writable. This is good for identifying groups of files that may need tighter access control.
Detailed Audit Settings: Verify auditing subcategory settings introduced in Windows Vista, Windows 7, and Windows Server 2008. You can now check all of the audit logging settings within Windows.
ExploitKit Mapping: If a vulnerability can be attacked via an exploit kit, it should be considered higher priority simply because of the larger number of people who can easily attempt to attack it via the exploit kit. The new ExploitKit Mapping in the KnowledgeBase makes it easier to identify these vulnerabilities and prioritize their remediation.
Welcome to the Qualys Technology Blog, a team blog written by the thought leaders at Qualys.
This blog will expose to the Qualys Community some of the interesting technical projects under way at Qualys and some of the talented people behind those projects. The focus of the articles will be to explain the technology and show how it is relevant and interesting. And it will give community members a forum to engage with each other and with Qualys around new, cutting edge topics.
The latest version of the SSL Labs assessment software (1.0.59) is now online, and it includes the following improvements:
- Cipher suite preference test, which tells you whether a server enforces its own cipher suite preference or merely uses the first suite offered by the client
- Clear cache feature, which discards the cached assessment result and allows a quick check-fix-check cycle
- Detection of the Strict-Transport-Security header in the server response, which indicates STS support
- Session resumption test, which checks whether the server supports session resumption, the performance optimization that avoids a full handshake on connections after the initial one
- TLS version intolerance test, which tests how servers react to not-yet-released versions of TLS
- Prefix handling changes; the test now takes into account whether the tested domain name (with and without prefix) points to a particular server. It also relaxes the check for 2nd-level domain names (e.g., secure.example.com)