Here are the most popular and most viewed blog posts, discussions, new product features, technical documents and videos that were contributed, read, updated, and commented on in 2012 by the Qualys Community of security professionals.
Many thanks to all the Qualys Community members and site visitors for building out the reference library and active conversations that comprise Qualys Community!
Top 10 Blog Posts
- Mitigating the BEAST attack on TLS
- Lessons Learned from Cracking 2 Million LinkedIn Passwords
- Are you ready for slow reading?
- TLS Renegotiation and Denial of Service Attacks
- CRIME: Information Leakage Attack against SSL/TLS
- How I Knocked Down 30 Servers from One Laptop
- Protocol-Level Evasion of Web Application Firewalls
- Passing the Internal Scan for PCI DSS 2.0
- Android Security Evaluation Framework: ASEF
- New Java 0-Day Disclosed
See the most current blog posts.
Top 10 Discussion Threads
- How to enable TLS 1.1 & 1.2 on OpenSSL & SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Vulnerability
- PCI Failure for CVE-2011-3389 (BEAST Attack) & BEAST vulnerability detection
- ssllabs.com’s own Apache SSL Config Directives
- Web Server Vulnerable to Redirection Page Cross-Site Scripting Attacks
- How to create a Linux user
- Hidden RPC services error
- Anybody notice an uptick in "NetBIOS Shared Folder List Available" vulnerability?
- FIPS-Ready checks
- Mitigating WAS QID 150085 Slow HTTP POST Vulnerability on Apache
See the most current discussion threads.
New Product Features in 2012
- QualysGuard 7.7
- Introducing QualysGuard Dynamic Asset Tagging and Management
- QualysGuard 7.6
- QualysGuard 7.5
- QualysGuard 7.4
- QualysGuard 7.3
- QualysGuard 7.2
- QualysGuard 7.1
- QualysGuard 7.0
- QualysGuard WAS 2.4
- QualysGuard WAS 2.3.2
- QualysGuard WAS 2.3.1
- QualysGuard WAS 2.3
- QualysGuard MDS Enterprise Edition 2.1
- Automatic Scanning is now part of BrowserCheck Business Edition
- Safe Browsing with Qualys BrowserCheck
Top 10 Technical Documents
- BrowserCheck FAQ
- QID 90780 FAQ: Microsoft ASP.NET ValidateRequest Filters Bypass Cross-Site Scripting Vulnerability
- Reference: QualysGuard Virtual Scanner Appliance
- Verify QID 38140 – SSL Server Supports Weak Encryption Vulnerability
- QualysGuard API Sample Code
- How is QID 38142 – SSL Server Allows Anonymous Authentication Vulnerability detected?
- How does vulnerability scanning work?
- How does UDP port scanning and service detection work?
- How does QualysGuard mapping work?
- UPDATE: QID 38171 “SSL Certificate – Server Public Key less than 2048 bit”
- Bonus document: QualysGuard Virtual Scanner Appliance: Platform Qualification Matrix
See LOTS MORE support articles and how-to’s in the Help Center.
Top 5 Videos
- QualysGuard Vulnerability Management Video Series
- QualysGuard Policy Compliance Video Series
- QualysGuard Web Application Scanning Video Series
- QualysGuard Malware Detection Service Enterprise Edition Video Series
- Best Practice Videos
Qualys wishes you a happy, productive, and secure 2013!