All Posts

2 posts

Using Qualys WAS Scan to Detect ShellShock Vulnerability

Qualys Web Application Scanning (WAS) has added a new detection that will provide the most comprehensive identification of the Shellshock vulnerability across all of your web applications. With the ability to crawl and identify even non-standard directory locations within your web application, Qualys WAS will deliver the most accurate, detailed and reliable form of automated ShellShock detection for web applications. ShellShock is a wide-reaching vulnerability with multiple attack vectors. If you use any form of Linux or Unix machines in your network you are likely to have the vulnerability.  We have released a new QID (150134) for WAS specifically for this purpose.

Continue reading …

Microsoft Announces Bug Bounty Program

Microsoft announced today the launch of its bug bounty program in which it will offer $100,000 for exploitation techniques against protections built into the latest version of Windows 8.1 Preview, plus another $50,000 for defensive ideas that accompany a qualifying mitigation bypass submission. And finally $11,000 USD for critical vulnerabilities that affect Internet Explorer 11 preview on the latest version of Windows 8.1 Preview.

But wait, what happed of the $250,000 prize that Microsoft gave away at Bluehat? The company was able to implement one of those ideas into EMET to block ROP exploits. In other words, it was able to make Windows safer.

Continue reading …