Building an AppSec Program with Qualys WAS – Configuring a Web Application or API: Crawl Settings

Qualys Web Application Scanning WAS stands out as the industrys leading Dynamic Application Security Testing DAST solution. Delving deeper into these settings is crucial for effectively harnessing its potential to uncover vulnerabilities. Scan coverage is greatly influenced by the crawl settings,...

AZL-9891 CVE-2022-30115 affecting package curl for versions less than 7.83.1-1

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or th...

MGASA-2017-0104 Updated wget packages fix security vulnerability

Wget up untill version 1.19.1 does not ensure control characters are not used in the hostname part of a url. This security update rejects control characters in host part of a url...

CVE-2014-9279

The printtestresult function in admin/upgradeunattended.php in MantisBT 1.1.0a3 through 1.2.x before 1.2.18 allows remote attackers to obtain database credentials via a URL in the hostname parameter and reading the parameters in the response sent to the URL...

SOL6916 - Case change in URL host name circumvents Accessibility Scope

It is possible to bypass the Deny list configured in the Accessibility Scope section located on the Portal Access : Web Applications : Master Group Settings page using a URL whose hostname portion differs in case upper vs. lower from the URL pattern in the Deny list. After logging in to the...