
Qualys WAS: New Detections for XML External Entities (XXE)

In the new 2017 edition of the OWASP Top 10, XML External Entities (XXE) make their first appearance at #A4 on the list. Qualys is pleased to announce that Qualys Web Application Scanning (WAS) engine 4.4 includes new detection capabilities for XXE vulnerabilities.


Smart DOM XSS Detection in Qualys WAS

Recently Qualys extended the cross-site scripting (XSS) detection capabilities of Qualys Web Application Scanning (WAS) by adding a new mechanism for detecting DOM-based XSS (DOM XSS) vulnerabilities. The new mechanism works in an automated manner with no special setup or knowledge requirements, enabling security teams to greatly reduce the risk from these typically hard-to-detect vulnerabilities. Because of the technique Qualys WAS uses, it also indicates the location in your code of any XSS bugs found, which is pretty convenient for your development teams.


Here’s a registration discount code for AppSec Europe courtesy of Qualys

Qualys is a sponsor of this year’s AppSec Europe, and if you use our code QLYS-EU100 you will get a €100 discount on your registration for this event, to be held in Italy from June 27 to July 1st.

The conference is organized by OWASP, a nonprofit with 200 chapters in 100 countries whose mission is to “make software security visible.” OWASP, which stands for Open Web Application Security Project, seeks to help individuals and organizations worldwide make informed decisions about software security risks.


The Best of OWASP – Global AppSec Conference and the 2013 WASPY Awards

The recent Global OWASP AppSec conference, held the week of November 18 – 22 at the Marriott Marquis in New York City, was a great way to learn more about the latest trends in application security and exchange ideas with other application security professionals. The conference included updates on many of the OWASP projects as well as some interesting presentations such as:

  • OWASP Zed Attack Proxy – Simon Bennetts
  • Hack.me: a new way to learn web application security – Armando Romeo
  • The Perilous Future of Browser Security – RSnake
