Qualys Blog

www.qualys.com
Robert Dell'Immagine

Top 13 of ’13: Qualys Community

It’s time for the Top 13 of '13 — the most popular and most viewed blog posts, discussions, new product features, technical documents and videos that were contributed, read, updated, and commented on in 2013 by the Qualys Community of security professionals.

Many thanks to all the Qualys Community members and site visitors for building out the reference library and active conversations that comprise Qualys Community!


Top 13 Blog Posts

  1. Automate the delivery of security intelligence for new assets
  2. Automate Host Discovery with Asset Tagging
  3. Announcing WAS 3.0 with Malware Detection and Burp Suite Integration
  4. Add Pen Testing to Web App Scanning for More Security
  5. RC4 in TLS is Broken: Now What?
  6. SSL Labs: Deploying Forward Secrecy
  7. Is BEAST Still a Threat?
  8. Configuring Apache, Nginx, and OpenSSL for Forward Secrecy
  9. Hacking into WordPress Using a Vulnerable Plug-in
  10. Defending against the BREACH Attack
  11. September 2013 – New IE 0-day – Update
  12. Updated SSL/TLS Deployment Best Practices Deprecate RC4
    – this is my personal favorite, because the best practices guide is so clear.
  13. Plus 8 blog posts from Qualys Security Conference 2013

See the most current blog posts.

Top 13 Discussion Threads

  1. VM: Generating report with both confirmed vulnerabilities & potential vulnerabilities
  2. VM: Disabling NULL sessions as a best practice
  3. VM: Populating Asset Lists from Excel
  4. VM: Authenticated scans vis-a-vis real vulnerabilities
  5. VM: Identify hosts in multiple scan asset groups
  6. PC: How to Identify Unwanted Applications (Policy Compliance)
  7. PC: Use of Remote Registry Service to scan Windows servers
  8. PCI: How to change the user authorized to run PCI scans in QualysGuard
  9. WAS: Adding Web Applications from a List
  10. WAS: Crawl Exclusion List
  11. API: Powershell module integrates QualysGuard w/ 3rd-party ticketing systems
  12. API: Give Users Access to Reports via API
  13. API: Proactively managing Qualys API call concurrency

Plus three extras from SSL Labs:

  1. SSL: Why is disabling TLS 1.2 being recommended
  2. SSL: How to enable Forward secrecy using Apache 2.2/OpenSSL 1.0.1 and Firefox 10 ESR?
  3. SSL: Adding ECDHE parameters to an SSL Certificate file

See the most current discussion threads.

New Product Features in 2013

  1. QualysGuard 7.12 Update: Multiple New Enhancements
  2. QualysGuard 7.12 New Features
  3. QualysGuard 7.11 Update: New Vulnerability Notification Feature
  4. QualysGuard 7.11 New Features
  5. QualysGuard 7.10 New Features
  6. QualysGuard 7.9 Release Notification: Available April 19, 2013
  7. QualysGuard 7.8: New Vulnerability Scorecards
  8. QualysGuard WAS 3.1 New Features
  9. Announcing WAS 3.0 with Malware Detection and Burp Suite Integration
  10. QualysGuard WAS 2.4.2: March 5, 2013
  11. QualysGuard WAS 2.4.1: January 31, 2013
  12. Add Pen Testing to Web App Scanning for More Security
  13. BrowserCheck Business Edition Adds "No Plugin" Download Option
  14. Qualys BrowserCheck Adds Automatic Daily Scanning and Improved MacOS Support

Top 13 Technical Documents and Developer Scripts

Technical Documents:

  1. QualysGuard WAS and OWASP TOP 10
  2. How to find rogue devices on your network
  3. How much does it cost to run a QualysGuard Virtual Scanner Appliance on Amazon EC2?
  4. Change the Name of Your Appliance
  5. Qualys scanner appliance hardware specification
  6. SAML Frequently Asked Questions (FAQ)

See LOTS MORE support articles and how-to’s in the Help Center.

Developer Scripts:

  1. python-qualysconnect: A Python QualysGuard(R) Helper Package updated with API v2 calls via BasicAuth
  2. QGIR: QualysGuard Integration with Reporting
  3. Qualys API client examples
  4. Script: Parse QualysGuard VM maps for live IPs not currently subscribed.
  5. Script: Excluding non-running kernel vulns when downloading data via API
  6. Automate multiple WAS scanning
  7. Exporting the Vulnerability KnowledgeBase to an external Database

See all developer content in the Developer Community.

QualysGuard Video Series

All video series are new or updated in 2013!

  1. Express Lite
  2. Questionnaire Service
  3. Vulnerability Management
  4. Policy Compliance
  5. Web Application Scanning
  6. Malware Detection Service
  7. Best Practice Videos

Plus a bonus video: DHS Director John Streufert Keynote from Qualys Security Conference 2013

Qualys wishes you a happy, productive, and secure 2014!

Leave a Reply