
53 matches found

GithubExploit
added 2024/12/12 4:5 a.m. | 561 views

Exploit for CVE-2024-4956

CVE-2024-4956 CVE-2024-4956 is a serious path traversal vulne...

CVSS 7.5 | AI score 7 | EPSS 0.94028 | Exploits 16

Qualys Blog
added 2024/11/05 7:59 p.m. | 6 views

Qualys Web Application Scanning (WAS) Recognized as a Leader in 2024 GigaOm Radar Report for Application Security Testing (AST)

In the ever-evolving cybersecurity landscape, securing web applications and APIs is no longer an option—it’s a necessity. As organizations face increasingly complex threats, ensuring the integrity of these digital assets has become paramount. However, it’s easy to feel overwhelmed by the sheer...

AI score 7.4 | Exploits 0

Qualys Blog
added 2024/06/24 5:13 p.m. | 18 views

Essential Strategies to Secure Your Web Applications and APIs in a Modern Application Development World

In today’s interconnected digital world, the role of web applications and APIs has become central to business operations, acting as gateways to vast amounts of valuable data and services. However, their widespread use and accessibility make them prime targets for cybercriminals, posing substantia...

AI score 7.7 | Exploits 0

Qualys Blog
added 2024/04/22 2:0 p.m. | 22 views

WordPress LayerSlider Plugin: SQL Injection Vulnerability

On March 25th, 2024, a critical security vulnerability was discovered in the LayerSlider plugin for WordPress, marked as CVE-2024-2879. The plugin has more than 10 lakh active installations. This flaw, rated with a CVSS score of 7.5 out of 10.0, is identified as an SQL injection vulnerability...

CVSS 5 | AI score 8.2 | EPSS 0.93671 | Exploits 1

Qualys Blog
added 2024/01/24 4:25 p.m. | 18 views

Upgrade to New UI of Qualys Web Application Scanning (WAS): Bringing You Enhanced Web Application Security

In the dynamic world of cybersecurity, staying ahead means constantly evolving. At Qualys, we understand that the bedrock of outstanding security is continuous improvement and innovation. That's why we're thrilled to announce the latest launch of the new User Interface (UI) for Qualys Web Application...

AI score 7.2 | Exploits 0

Qualys Blog
added 2024/01/24 3:51 p.m. | 17 views

Qualys WAS Unveils New Features in an Upgraded User Interface

Qualys Web Application Scanning (WAS) has been at the forefront of web application and API security innovation, and today, we're excited to announce a significant leap - the launch of our New User Interface (UI). From improved performance and reliability to cutting-edge technology adoption and enhance...

AI score 7.5 | Exploits 0

Qualys Blog
added 2023/12/05 6:39 a.m. | 15 views

Building an AppSec Program with Qualys WAS – Introduction and Configuring a Web Application or API: Default Scan Settings

Qualys WAS (Web Application Scanning) tools stand out as the leading Dynamic Application Security Testing (DAST) solutions in the industry. Since it comes with default scan settings, understanding these settings in detail is critical to uncover vulnerabilities effectively. Scan performance and covera...

AI score 7.3 | Exploits 0

Qualys Blog
added 2023/10/26 4:24 p.m. | 43 views

Qualys API Best Practices: Web Application Scanning API

This API Best Practices Series is designed for Qualys customer programmers or stakeholders with a general knowledge of programming who want to implement best practices for improving the development, design, and performance of their programs that use the Qualys API. For non-customers, the Qualys A...

AI score 7.3 | Exploits 0

Qualys Blog
added 2023/10/25 6:34 p.m. | 29 views

Building an AppSec Program with Qualys WAS – Configuring a Web Application or API: Crawl Settings

Qualys Web Application Scanning (WAS) stands out as the industry's leading Dynamic Application Security Testing (DAST) solution. Delving deeper into these settings is crucial for effectively harnessing its potential to uncover vulnerabilities. Scan coverage is greatly influenced by the crawl settings,...

AI score 6.9 | Exploits 0

Qualys Blog
added 2023/10/17 5:5 p.m. | 15 views

Building an AppSec Program with Qualys WAS – Introduction

Part 1 - Introduction and Configuring a Web Application or API: Basic Information. Welcome to our introductory series of blogs where we will take you step-by-step through your application security journey with Qualys Web Application Scanning (WAS) to build and deploy secure web applications and APIs...

AI score 6.8 | Exploits 0

Kitploit
added 2023/06/21 12:30 p.m. | 66 views

Scanner-and-Patcher - A Web Vulnerability Scanner And Patcher

This tool is very helpful for finding vulnerabilities present in web applications. A web application scanner explores a web application by crawling through its web pages and examines it for security vulnerabilities, which involves generation of malicious inputs and evaluation of application'...

AI score 8 | Exploits 0 | References 8

Qualys Blog
added 2022/12/01 11:11 p.m. | 105 views

Identify Server-Side Attacks Using Qualys Periscope

Qualys previously announced the introduction of Qualys Periscope in 2020. This technology allows Qualys Web Application Scanning (WAS) to detect out-of-band vulnerabilities such as server-side request forgery (SSRF). Qualys Periscope provides confirmed detections for additional vulnerabilities, such ...

CVSS 9.3 | AI score 0.3 | EPSS 0.94468 | Exploits 540

Qualys Blog
added 2022/10/26 4:8 a.m. | 40 views

Fingerprinting Web Applications and APIs using Qualys Web Application Scanning

Decoding the impact of Fingerprinting Organizations develop an effective, actionable go-to-market plan to launch a profitable product into the target market. A go-to-market strategy predicts market demand by analyzing market research, competitor data, and previous examples. Without a solid...

AI score 6.1 | Exploits 0

Qualys Blog
added 2022/10/12 4:31 p.m. | 19 views

Creating Awareness of External JavaScript Libraries in Web Applications

Qualys Web Application Scanning (WAS) routinely reviews and solicits customer feedback regarding vulnerabilities. This may be to enhance the detection or the detection's reporting. Previously, all JavaScript libraries detected on an application were reported under the Information Gathering QID 150176...

AI score 0.2 | Exploits 0

Qualys Blog
added 2022/09/28 6:43 p.m. | 27 views

Optimizing a Web Application Security Scan for bWAPP

Today almost all organizations have an online presence, with more information accessible at the click of a mouse, making customer experiences much more frictionless. Yet the delivery of great experiences also opens the door to potential hackers intent on compromising the website and its APIs...

AI score 7.9 | Exploits 0

Qualys Blog
added 2022/08/31 9:14 p.m. | 23 views

An End-to-End Approach to Next-Gen Security for Web Applications & APIs

According to Verizon’s 2022 Data Breach Investigations Report, web applications remain both the top hacking vector and data breach pattern, accounting for roughly 70% of security incidents. This is because web applications are everywhere and easily probed for weaknesses. A vulnerability in any...

AI score 7 | Exploits 0

Qualys Blog
added 2022/08/17 10:12 a.m. | 380 views

Atlassian Confluence: Questions for Confluence App Hardcoded Credentials Vulnerability (CVE-2022-26138)

Over the last few months, Atlassian Confluence has increasingly become a target for attackers. In June 2022, a critical severity OGNL Remote Code Execution vulnerability was disclosed (CVE-2022-26134). More recently, CVE-2022-26138 was disclosed on social media platforms in July 2022. In...

CVSS 7.5 | AI score 10 | EPSS 0.94408 | Exploits 76

Qualys Blog
added 2022/03/09 10:31 a.m. | 92 views

Casdoor SQL Injection (CVE-2022-24124)

On Jan 22, 2022, a high severity SQL Injection vulnerability was reported in Casdoor which affected versions before the 1.13.1 release. The vulnerability, tracked as CVE-2022-24124 with a CVSS V3 score of 7.5, has a publicly available simple proof of concept which makes it easier for skilled attackers to...

CVSS 5 | AI score 7.7 | EPSS 0.59993 | Exploits 9

Qualys Blog
added 2021/10/28 6:22 a.m. | 236 views

Apache HTTP Server Path Traversal & Remote Code Execution (CVE-2021-41773 & CVE-2021-42013)

On October 4, 2021, the Apache HTTP Server Project released a security advisory on a path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 and 2.4.50 tracked as CVE-2021-41773 and CVE-2021-42013. In the advisory, Apache also highlighted “the issue is known to be exploited in the...

CVSS 7.5 | AI score 0.3 | EPSS 0.9441 | Exploits 168

Gitee
added 2021/06/10 9:19 p.m. | 3 views

pentestdb

This is an offensive tool for penetration testing. It is a Python-based tool called "pentestdb" that provides a collection of tools and resources for penetration testing, including exploit development, vulnerability scanning, and password cracking. The tool is designed to be easy to use and...

AI score 7.1 | Exploits 0