Qualys Blog

www.qualys.com
14 posts

Qualys WAF 2.0 Protects Against Critical Apache Struts Jakarta Vulnerability ( CVE-2017-5638 )

On March 8, 2017, Qualys published a detailed blog to describe a critical vulnerability in Apache Struts2 Jakarta multipart parser that exposes vulnerable applications to Remote Command Execution attacks. Exploits of this vulnerability can allow attackers to steal critical data or take control of your application servers.

Qualys Web Application Firewall (WAF) 2.0 allows you to create custom security rules to detect and block attacks that try to exploit this vulnerability.

Continue reading …

Simplifying Web Application Security with Qualys Web Application Firewall 2.0

The completely redesigned Qualys Web Application Firewall (WAF) 2.0 provides greater confidence in application security through increased customization, one-click virtual patching ability, simplified controls and stronger security rules. Available now with these and other improvements, WAF 2.0 helps customers fend off hackers’ increasingly common, aggressive and destructive web app attacks.

Continue reading …

Qualys Cloud Platform 2.21 New Features

This release of the Qualys Cloud Platform version 2.21 includes new major releases of both Web Application Firewall and Web Application Scanning. The release also includes numerous updates and new features for AssetView, Cloud Agent, and Security Assessment Questionnaire as follows:

  • AssetView (Version 2.21.0) – One click access to vulnerability details for an asset and Improved filtering options for widgets.
  • Cloud Agent Platform (Version 2.2.0) – Additional tuning parameters for the agent and simplified agent OS support information.
  • Security Assessment Questionnaire (Version 2.6.0) – Improvements to Dynamic Reports, ability to customize Email templates, and ability to edit comments in responses.
  • Web Application Firewall (Version 2.0.0) – Improved virtual appliance, improved integration with Web Application Scanning, a revamped user-interface and simplified security configuration.
  • Web Application Scanning (Version 5.0.0) – Includes initial support for REST based testing, Scanner Appliance Pooling and drastic improvements to Progressive Scanning metrics.

The specific day for deployment will differ depending on the platform. Release Dates will be published on the Qualys Status page when available.

Continue reading …

Qualys Cloud Platform 2.18 New Features

Qualys Cloud Platform release 2.18 includes updates and new features for:

  • Qualys Cloud Platform (Version 2.18.0)
  • AssetView and ThreatPROTECT (Version 2.18.0)
  • Security Assessment Questionnaire (Version 2.3.0)
  • Web Application Scanning (Version 4.12.0)

Continue reading …

Handling Cross-Site Scripting As Attacks Get More Sophisticated

Adopting third-party libraries to encode user input in the development phase and using a web application firewall in the deployment phase could fool web security managers into thinking their web applications are completely safe from Cross-Site Scripting (XSS) attacks. While it’s a good idea to employ these techniques, the illusion of safety could prove costly. These protection methods do not guarantee that your web applications are 100% free of XSS vulnerabilities, and XSS attacks that use more sophisticated techniques still occur, so care should still be taken.

Continue reading …

Qualys WAF 2.0 New Feature

Qualys Web Application Firewall 2.0 (WAF) now supports multiple secure web applications (HTTPS) in the same cluster, through the Server Name Indication (SNI) extension of TLS protocol. Multiple TLS certificates could now be presented on the same WAF Cluster IP, making the configuration and the deployment of multiple secure websites easier and quicker.

Continue reading …

Protect Against the Joomla SQL Injection Vulnerability

Joomla logoA few days ago, SpiderLabs researcher Osaf Orpani disclosed an important vulnerability targeting Joomla, one of the most popular Content Management Systems (CMS). By exploiting this vulnerability, researchers were able to remotely gain full administrative access to the CMS.

Joomla versions 3.2 to 3.4.4 are affected by this major security issue. Since the vulnerability targets the core of the CMS, all websites based on Joomla are vulnerable, whatever the modules used.

Continue reading …

Protection from Unrestricted File Upload Vulnerability

file upload iconHow boring would social networking websites, blogs, forums and other web applications with a social component be if they didn’t allow their users to upload rich media like photos, videos and MP3s?  The answer is easy: very, very boring! Thankfully, these social sites allow end-users to upload rich media and other files, and this makes communication on the world wide web more impactful and interesting.

But user-uploaded files also give hackers a potential entry-point into the same web apps, making their safe handling an extremely important task for administrators and the security team. If these files are not validated properly, a remote attacker could upload a malicious file on the web server and cause a serious breach.

Continue reading …

Magento RCE And Application Security Templates

Part of the responsibilities of the Qualys Web Application Firewall (WAF) security team is to analyze newly disclosed vulnerabilities. We must ensure their correct detection, and when necessary, publish security updates that will be pushed onto customers' sensors so they can be protected. For most vulnerabilities, these changes are only cosmetic. The inspection engine already knows all the classic web attack strategies (SQLi, XSS, …), and typically our patches are about displaying specific messages to warn the customer that a known vulnerability has been targeted.

But occasionally, as in the case of the Magento remote code execution (RCE) vulnerability described by Checkpoint, the vulnerabilities are far more interesting. As I describe in this article, these vulnerabilities are in application-specific protocols on top of the HTTP protocol. That means they are not blockable by standard web application firewalls, and it is necessary to write and deploy custom signatures to block them. Qualys is writing a set of these custom signatures, called "Application Security Templates," to provide accurate inspection for application-specific behaviors and protocols. They extend and enrich the classic HTTP inspection to provide "state of the art" security for the most well-known applications.

Continue reading …

WordPress: When Half of all Websites are Vulnerable

On April 21, WordPress issued a critical security release and “strongly encouraged” their customers to update their webites “immediately.” In general, the use of these alarming terms is symptomatic of a significant threat. And it is indeed.

WordPress is so overwhelming the CMS market that nearly 50% of all websites are based on it. This recent security release fixes multiple vulnerabilities so important that an attacker may be able to obtain administrator access on any of those millions of websites. The most sensitive vulnerability is targeting WordPress version 4.1.1 and earlier.

Continue reading …