All Posts


Black Hat USA 2018 Best Practices Videos

Watch the presentations from the Qualys booth at Black Hat USA 2018, available online now. Learn how your peers are securing their environments and see the breadth and depth of Qualys solutions.

Industry-Leading Best Practices

Qualys customers explain how they run their industry-leading security programs.

Scaling a Vulnerability Management Program While Reducing Network Impact
Josh Oquendo, Threat Intelligence Analyst, Finastra


Advanced Persistent Threats Experts Video


Brian Krebs, Journalist



Wolfgang Kandek, CTO, Qualys

Rodrigo Branco, Researcher, Qualys

Rich Mogull, Analyst & CEO, SECUROSIS

Gunter Ollmann, CTO, Damballa

Andy Bonillo, Principal, Investigative Response, Verizon



September 29, 2011 at Qualys Security Conference 2011 San Francisco


Topics include:

  • What is APT?
  • What makes APTs successful when they’re successful?
  • Are so-called APTs executed via vulnerabilities that should have been patched?
  • Good system administration is the baseline defense.
  • How does any organization protect itself against the most sophisticated attacks?
  • Do organizations have the ability to know how long they have been pwned?
  • TCP: total cost of pwnage.
  • Dynamics of the APT ecosystem.
  • Best practices for securing systems.
  • What happens when organizations fail to detect APTs?
  • What can we do to make things better?
  • Are you hopeful the community will share information?
  • Q&A: What should we look for in log files?
  • Q&A: What is your opinion on virtual patching?
  • Q&A: What is the impact of the increase in mobile devices?



58 minutes, 32 seconds

Why You Should Always Use HTTPS

By now it’s common practice for web sites to serve login pages over HTTPS in order to send passwords over an encrypted channel. Yet if the site unleashes the authenticated user back onto HTTP links (no "S"), then protecting the password may be a moot point.

From a web application’s point of view, your initial identity is proved by submitting valid credentials, but your identity in subsequent requests is tied to one or more "session tokens": temporary cookies that are supposed to be unique to your browser. The following video demonstrates what happens when your browser’s unencrypted traffic is intercepted by a sniffer (for example, when you use a Wi-Fi connection in a cafe, library, airport, or even at home).

You can find a longer explanation of this problem (without getting tripped up in technical details) in one of my articles on Mashable.

Duration: 5 minutes