Kubernetes user privilege elevation vulnerability, the exposure to security risks
Recently, a key user privilege elevation vulnerability, CVE-2018-1002105, was found in Kubernetes, the open source container software that is today a fixed component of most cloud infrastructure. This vulnerability can allow an attacker unrestricted remote access, steal data, or cause...
Capital One: Building Security Into DevOps
Capital One prides itself on staying at the forefront of IT innovations to give its business a competitive edge. For example, it adopted Agile software-development methodologies years ago, and uses artificial intelligence and machine learning. It was the first bank to implement a mobile wallet wi...
Infosec Teams Race To Secure DevOps
With DevOps adoption spreading, infosec teams are scrambling to address the new security challenges stemming from DevOps’ accelerated code development and app deployment. But while IT organizations have made notable progress adapting security to their DevOps processes, work remains to be done...
ThreatList: One-Third of Firms Say Their Container Security Lags
Even as companies move to embrace cloud deployments and containers, most organizations with such deployments don’t feel prepared to adequately secure cloud-native applications. According to StackRox’s State of Container Security report, which polled about 230 respondents in the U.S., more than a...
NodeJsScan - A Static Security Code Scanner For Node.js Applications
Static security code scanner (SAST) for Node.js applications. Configure & Run NodeJsScan: Install Postgres and configure SQLALCHEMY_DATABASE_URI in core/settings.py; pip3 install -r requirements.txt; python3 migrate.py (run once to create database entries required); python3 app.py. Testing Environment...
Critical WordPress Plugin Flaw Grants Admin Access to Any Registered Site User
Another day, another critical WordPress plugin vulnerability. The popular AMP for WP plugin, which helps WordPress sites load faster on mobile browsers, has a privilege-escalation flaw that allows WordPress site users of any level to make administrative changes to a website. The plugin, which has...
QSC18 Day 1 Takeaway: Continuous Transformation Demands Continuous Security
The first day of Qualys Security Conference 2018 was a big one. Both CEO Philippe Courtot and Qualys chief product officer Sumedh Thakar detailed the challenges faced by many of today’s enterprises when it comes to the growth of cloud and the complexity of their hybrid environments. And they shar...
Welcome to Qualys Security Conference 2018
The rise of cloud computing coupled with DevOps is forcing enterprises to rewrite their cybersecurity playbook, and part of that book will be written this week at Qualys Security Conference 2018 in Las Vegas. Today, the dual cloud and DevOps mega-trends are helping companies to digitally transfor...
MobSF (Mobile Security Framework) v1.0 - Mobile (Android/iOS) Automated Pen-Testing Framework
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and support...
Black Hat USA 2018 Best Practices Videos
Watch the presentations from the Qualys booth at Black Hat USA 2018, available online now. Learn how your peers are securing their environments and see the breadth and depth of Qualys solutions. Industry-Leading Best Practices Qualys customers explain how they run their industry-leading security...
BlackHat Week is Coming Up
It’s that time of the year again and our team is packing up to go to Las Vegas. Our theme this year is DevSecOps. As companies embrace DevOps processes, adopt continuous development and continuous integration, and follow the agile methodology, it becomes obvious that the old security model o...
How to Solve the Developer vs. Cybersecurity Team Battle
There is an ongoing tension between developers and security teams in many organizations. On one hand, developers face mounting pressure to build rich, feature-driven applications on nearly impossible timelines to remain competitive. On the other hand, security teams face rising pressures of their...
GDPR Is Here: Web App Security Is a Must
With web and mobile apps becoming a preferred vector for data breaches, organizations must include application security in their plans for complying with the EU’s General Data Protection Regulation (GDPR). GDPR went into effect in May, imposing strict requirements on millions of businesses worldwid...
QSC18 Virtual Edition – Building Security In: The Qualys Cloud Platform and Architecture
Digital transformation, driven primarily by the DevOps movement, represents a new opportunity “to redo IT from scratch, but more importantly, to redo security from scratch,” Sumedh Thakar, Qualys' Chief Product Officer, said during QSC18 Virtual Edition. Specifically, organizations can organicall...
Want better apps? You need a (agile security) hero!
If we’ve learned anything from the rise of the Marvel Cinematic Universe, it’s that good things tend to happen when heroes intervene. For securing new applications, this metaphor is a useful one because security isn’t always top-of-mind for scrum teams, nor is it always conducive to meeting aggressive...
DevSecOps: Practical Steps to Seamlessly Integrate Security into DevOps
To properly and effectively protect DevOps pipelines, organizations can’t blindly apply conventional security processes they’ve used for traditional network perimeters. Since DevOps’ value is the speed and frequency with which code is created, updated and deployed, security must be re-thought so...
Qualys WAS Introduces Swagger Support for REST API Security Testing
In the world of application security, testing REST APIs for security flaws is important because APIs can have many of the same application-layer vulnerabilities as browser-based web applications. Examples are SQL injection, command injection, and remote code execution. With the recent release of...
Call For Customer Presentations at Black Hat USA 2018!
Tell your security story to your peers at Black Hat USA 2018! Qualys is looking for customers excited to share their security and DevSecOps successes, best practices for building security into modern enterprises and case studies leveraging the use of the Qualys Cloud Platform. Take the stage in t...
DevOps-Ready WAF: Scaling Security for a More Agile Environment
With the maturation of DevOps, the growing concern around the security and compliance of more agile application development systems has made 2018 the year for DevSecOps. According to a study by Gartner, over 80% of development teams will have embedded DevSecOps by 2021. When evaluating how a WAF...
Countdown to GDPR: For GDPR Compliance, Web App Security Is a Must
With web and mobile apps becoming a preferred vector for data breaches, organizations must include application security in their plans for complying with the EU's General Data Protection Regulation (GDPR). First discussed in the 1990s and turned into law in 2016, GDPR goes into effect in May of thi...