Qualys: September 2008 Archives

QualysGuard PCI 3.0 Helps Merchants Meet Now Mandatory PCI Requirement

QG-PCI.gif

QualysGuard PCI 3.0 now with a Web Application Scanning (WAS) module, combines the application's traditional compliance scanning, remediation and e-filing capabilities with automated web application scanning.  This advancement helps merchants in their efforts to effectively meet requirement 6.6 for maintaining secure web applications. Specifically, the WAS module evaluates web applications before and after deployment. This ensures that the applications are built and maintained in a secure way. Delivered via Software-as-a-Service (SaaS), the WAS module fully automates the scanning of vulnerability types within customized code and allows customers to crawl web applications, identify cross-site scripting vulnerabilities, isolate SQL injection attacks and conduct authenticated and unauthenticated scanning.

Read Press Release
Read Technical Brief
By
Qualys
on September 30, 2008 2:07 PM | | Send us your feedback on this story

PCI DSS 1.2 Spec Released

PCI-DSS_1-2.gif

PCI DSS 1.2 represents an update to the original 12 requirements found in PCI DSS version 1.1.  The intent of the latest specification is to clarify existing requirements and provide clarification and flexibility in terms of interpretation of the standard.

  • Guidance around scope of PCI DSS and elaborate on segmentation of Cardholder data environment 
  • Clarification of wireless technology requirements and provide sunset date for use of WEP - All WEP implementations must be discontinued as of June 30, 2010 
  • Clarification around requirement 6.6 for web application security to remove references to source code review and add use of automated assessment tools 
  • Require employees that interact with cardholder data to review and accept security policy annually
  • Compensating controls should now be reviewed and validated annually by a qualified assessor 
  • Flexibility for incorporation of evolving technologies and threats 
  • Announcement of Quality Assurance program for assessors

Listen to Podcast
Read Summary

Related Coverage:
Credit-Card Security Standard Issued After Much Debate, by Ellen Messmer, Network World
Payment Card Security Toughens With DSS 1.2 Release, by Jabulani Leffall, Redmond
By
Qualys
on September 30, 2008 2:03 PM | | Send us your feedback on this story

Hot or Not: What You Need to Know to Keep Mac OS X Secure

SC-Mag-Hot-or-Not.gifWhen it comes to security, Apple isn't sitting still. Amol Sarwate, guest columnist for SC Magazine's Hot or Not column looks at some of the new features inherent in OS X 10.5 that help keep the system secure. According to Apple, these security enhancements were added to 10.5, released last fall:

  • Tagging and first-run warning: Mac OS X 10.5 marks files that are downloaded to help prevent users from inadvertently running malicious downloaded applications. 
  • Runtime protection: New technologies such as execute disable, library randomization, and sandboxing help prevent attacks that try to hijack or modify system software. 
  • Improved firewall: After the new application firewall is activated, the firewall configures itself so that users get the benefits of firewall protection without having to understand the details of network ports and protocols.
  • Mandatory access control: These enforce restrictions on access to system resources. Not even a compromised "root" user can change some settings.
  • Application signing: This enables users to verify the integrity and identity of applications on the Mac. 
  • Improved secure connectivity: Virtual private network (VPN) support has been enhanced to connect to more of the most popular VPN servers-without additional software.
Read More
By
Qualys
on September 25, 2008 4:51 PM | | Send us your feedback on this story

Qualys Named One of America's Fastest-Growing Private Companies by Inc. Magazine for the Second Consecutive Year

Inc-5000.gifThe recognition also highlights Qualys as the 25th-fastest growing security company. With 323 percent sales growth over the last three years, Qualys continues to benefit from the increased adoption of its Security-as-a-Service model by large enterprises to SMBs worldwide.

Read More
By
Qualys
on September 25, 2008 4:45 PM | | Send us your feedback on this story

Qualys Gets Frost & Sullivan Global Growth Strategy Leadership Award

Don-McCauley-F+S-Award.gif

The Frost & Sullivan award honors Qualys for its exceptional long-term growth strategy and credits the Company as "a crucial force in furthering the acceptance of Software-as-a-Service (SaaS) products."

"As the market shows signs of maturity, Qualys' ability to increase market share, grow at consistently high rates and retain an astoundingly high percentage of its impressive customer base solidifies its leading role in the vulnerability management market. In a million-dollar breach reality, the reliability of QualysGuard and the appeal of its SaaS delivery model sets the company apart in a very highly-competitive market," says Chris Rodriguez, research analyst with Frost & Sullivan.

Read More
By
Qualys
on September 25, 2008 4:42 PM | | Send us your feedback on this story

Hot or Not: Web Application Firewalls for Security and Regulatory Compliance

SC-Mag-Hot-or-Not.gifQualys Vulnerabilities Research Lab manager, Amol Sarwate, recently discussed Web application firewalls (WAF) for security and regulatory compliance in SC Magazine's Hot or Not feature.  In the feature, Amol provides considerations to ensure the proper WAF is chosen to fit an organizations specific needs. Readers are also pointed to the Open Web Application Security Project (OWASP) which provides an abundance of Web application security educational information including the top 10 most prevalent web application attacks.

Read More
By
Qualys
on September 25, 2008 4:27 PM | | Send us your feedback on this story

Microsoft Patch Tuesday: September 2008 Security Bulletin

Security-Alert-WK+AS.gif

Qualys® Vulnerability R&D Lab has released new vulnerability checks in QualysGuard® to protect organizations against the 4 new vulnerabilities present in Microsoft Windows. Customers can immediately audit their networks for these and other recent vulnerabilities by accessing their QualysGuard subscription.

Microsoft released on September 9, 4 security patches to fix newly discovered flaws in Microsoft Windows. The Qualys Vulnerability R&D Lab has released the following checks for these new vulnerabilities, including:

- Microsoft Windows GDI+ Remote Code Execution Vulnerability
- Microsoft Windows Media Encoder 9 Remote Code Execution Vulnerability
- Microsoft Windows Media Player Remote Code Execution Vulnerability
- Microsoft Office Remote Code Execution Vulnerability
Read Alert
Listen to Podcast

Related Coverage:
Patch Tuesday Addresses Eight Critical Vulnerabilities, by Jennifer LeClaire. Newfactor.com

By
Qualys
on September 11, 2008 12:30 PM | | Send us your feedback on this story

Creating a Comprehensive Vulnerability Assessment Program for a Large Company Using QualysGuard

SANS-Reading-Room.jpgIndependent author Tim Proffitt writes his thesis, as part of his GIAC certification requirements, on how large companies should implement a Vulnerability Assessment Program using QualysGuard. The white paper is hosted in the SANS Institute Reading Room, and provided by SANS as a resource to benefit the security community at large.

In this paper Tim Profitt provides a step-by-step guide for implementing a Vulnerability Assessment Program using QualysGuard, including background and recommendations on how to:

- Create Security Policies and Controls 
- Categorize Assets  
- Discover Assets  
- Configure Hosts and Assets 
- Configure Scan Details  
- Report on Your Results  
- Rank Your Risks and Remediate 
- Handle Verification and False Positives 
- Meet  Compliance
Read White Paper
By
Qualys
on September 9, 2008 11:25 AM | | Send us your feedback on this story
« Qualys: August 2008 | Main Index | Archives | Qualys: October 2008 »