6 posts

Countdown to Black Hat: Top 10 Sessions to Attend — #2

Black Hat USA 2019 is still two months away, but it’s never too early for attendees to start planning their schedule. That’s why each week we’re recommending one session from the scores of research briefings and training courses that will be offered at the conference. Following our first pick last week, here’s our second recommendation: Attacking and Securing APIs.

This hands-on, two-day course will teach participants how to build secure web and cloud APIs, which is increasingly important as their usage skyrockets. The instructor is Mohammed Aldoub, a security consultant and trainer with 10 years of experience who worked on Kuwait’s national cyber security infrastructure and focuses on APIs, secure DevOps, cloud security and cryptography.

The course is designed for software developers, security engineers, bug bounty hunters and others. Key takeaways include creating secure web APIs and microservices infrastructure; assessing the security of API implementation and configuration; and using cloud-native tools and infrastructure to deliver secure APIs.

Continue reading …

Countdown to Black Hat: Top 10 Sessions to Attend — #1

Black Hat USA 2019 offers a packed and impressive lineup of research briefings and hands-on training courses for the 19,000-plus security pros expected to attend this year’s event.

The training sessions provide both offensive and defensive skills that security pros can use to tackle critical threats affecting applications, IoT systems, cloud services, and more. Meanwhile, the briefing sessions feature cutting-edge research on the latest infosec risks and trends. All sessions are led by expert trainers and researchers.

To help attendees decide which sessions to choose, we’ve selected ten that we think will be particularly relevant and valuable for Qualys customers, and we’ll highlight one each week here on our blog. Here’s our first recommendation: Advanced Cloud Security and Applied DevSecOps.

This highly technical course delves deep into practical cloud security and applied DevSecOps for enterprise-scale cloud deployments, and focuses on IaaS and PaaS.

“Real-world cloud security is most definitely not business as usual. The fundamental abstraction and automation used to build cloud platforms upends much of how we implement security. The same principles may apply, but how they apply is dramatically different, especially at enterprise scale,” reads the course abstract.

Continue reading …

Black Hat USA 2018 Best Practices Videos

Watch the presentations from the Qualys booth at Black Hat USA 2018, available online now. Learn how your peers are securing their environments and see the breadth and depth of Qualys solutions.

Industry-Leading Best Practices

Qualys customers explain how they run their industry-leading security programs.


Scaling a Vulnerability Management Program While Reducing Network Impact
Josh Oquendo, Threat Intelligence Analyst, Finastra

Continue reading …

Black Hat/DEF CON/B-Sides Las Vegas: Best in Show – part 2

Two weeks ago, our team from Qualys Engineering participated in the Black Hat, B-Sides and DEF CON events in Las Vegas, where we presented sessions on web application security and flaws in Internet-attached DVRs, and introduced a tool to probe for DoS problems in web applications.

But we were mainly in Las Vegas to attend presentations, to see the latest on what is going on in our field, and to maintain our relationships with other researchers and vendors. We saw a number of excellent presentations, so many that we had to break our list up into two parts.

Here is the second pass of our favorites; click here for our first pass:

Continue reading …

Black Hat/DEF CON/B-Sides Las Vegas: Best in Show – part 1

Last week, our team from Qualys Engineering participated in the Black Hat, B-Sides and DEF CON events in Las Vegas, where we presented sessions on web application security and flaws in Internet-attached DVRs, and introduced a tool to probe for DoS problems in web applications.

But we were mainly in Las Vegas to attend presentations, to see the latest on what is going on in our field, and to maintain our relationships with other researchers and vendors. We saw a number of excellent presentations; here is a quick rundown of our favorites:

Continue reading …

Going to Las Vegas Next Week? Skip the Wi-Fi and Maybe the Apps

Stay Paranoid and Trust No One

I am not a paranoid person and most industry conferences I go to don’t generate any worries about security. You go and participate, but otherwise operate normally, working, emailing, texting, tweeting. But not at DEF CON, or even its corporate sister event Black Hat, which run next week in Las Vegas.

Those shows together attract the world’s top hackers and security researchers, who share research on the latest threats and attacks. With that many security experts in one spot, it is not uncommon to see one group or another running cons, launching attacks and gaming devices, all in good fun, pushing the limits and testing boundaries. And there are also plenty of pranksters.

What does this mean for you, the attendee, exactly? It means that you have to really be vigilant about securing your computer and data when you are there, or you will end up on the famed Wall of Sheep, where usernames and passwords sniffed from the Wi-Fi network are displayed for all to see. Every year, many a security professional has fallen prey to that.

Continue reading …