• WAF SSL - Converting .pfx Certificate and Key files to Qualys WAF-compatible files

    When deploying Qualys WAF, the Portal needs to have encryption certificates and keys in the PEM format.  However, oftentimes (particularly when using Microsoft servers), you'll see an integrated certificate and k...
    Steve McBride
    last modified by Rémi Le Mer
  • WAF - Configuring your Application for SSL

    Qualys WAF includes comprehensive support for encrypted web applications and, while configuration is very simple, there are a few key concepts to keep in mind to properly configure a web application for SSL support. ...
    Steve McBride
    last modified by Rémi Le Mer
  • Progressive Scanning Explained

    Progressive scanning is a feature within Qualys Web Application Scanning (WAS) that is now available to all customers. The intent and goal of progressive scanning is to add a mechanism to effectively scan very large w...
    Dave Ferguson
    last modified by Dave Ferguson
  • Viewing Web Application Response Headers For Validating QIDs

    Introduction Response Headers QIDs Response Headers and Redirects Methods to View Response Headers Method 1: Chrome Browser Developer Tools Method 2: Firefox Browser Web Developer Method 3: OWASP...
    John Delaroderie
    last modified by John Delaroderie
  • WAS Engine 7.1 Released

    Greetings all!   WAS Engine 7.1 has been released to all Qualys platforms including private cloud platforms.  This release is part of our ongoing effort to continuously improve the WAS scanning engine. ...
    Dave Ferguson
    last modified by Dave Ferguson
  • Qualys WAS Update - Portal 2.40

    Greetings all!   A new version of Qualys WAS is now available.  It is part of Portal 2.40 - aka Qualys Cloud Platform 2.40 release - and it's being deployed to all shared platforms over the next few days. ...
    Dave Ferguson
    last modified by Dave Ferguson
  • WAS Engine 7.0 Released

    Greetings all!   I'm pleased to announce that WAS Engine 7.0 has been released to all Qualys shared platforms.  This new version adds support for TLS 1.3.  A huge amount of testing went into this relea...
    Dave Ferguson
    last modified by Dave Ferguson
  • Qualys Browser Recorder v1.1.6 Now Available

    Greetings all -   I'm pleased to announce that Qualys Browser Recorder (QBR) version 1.1.6_6 has been released.  First released by Qualys in 2018, QBR is an extension for the Chrome web browser that allows ...
    Dave Ferguson
    last modified by Dave Ferguson
  • Qualys WAS update - Portal 2.39

    Greetings!   A new version of Qualys WAS is now available.  Portal 2.39 - aka Qualys Cloud Platform 2.39 release - is being deployed to all shared platforms this week and includes UI and API changes for WAS...
    Dave Ferguson
    last modified by Dave Ferguson
  • Blind Elephant Supported Detections

    The static-file web application fingerprinting function of Qualys Suite, which is based on the open-source project Blind Elephant, detects the following web applications, plugins and extensions:     Open Sou...
    Robert Dell'Immagine
    last modified by Robert Dell'Immagine
  • WAS Engine 6.7 Released

    Greetings!   WAS Engine 6.7 has been released to all Qualys platforms including private cloud platforms.  This release is part of our ongoing effort to continuously improve the WAS scanning engine.  Th...
    Dave Ferguson
    last modified by Dave Ferguson
  • Qualys Browser Recorder v1.1.4 Now Available

    Greetings all -   I'm pleased to announce that a new version of Qualys Browser Recorder (QBR) is now available.  QBR version 1.1.4_4 includes numerous bug fixes and usability improvements.  First relea...
    Dave Ferguson
    last modified by Dave Ferguson
  • New Detection for RCE in Apache Tomcat on Windows

    Hello all   Qualys WAS has been updated with a new detection for CVE-2019-0232, a remote code execution (RCE) vulnerability in Apache Tomcat running on Microsoft Windows.  This is a very serious vulnerabilit...
    Dave Ferguson
    last modified by Dave Ferguson
  • Using Qualys WAF 2.0 to Protect Against Critical Apache Struts2 Vulnerability (CVE-2017-5638)

    On March 7, 2017, a critical vulnerability (CVE-2017-5638) in the Apache Struts2 Jakarta multipart parser was disclosed that exposes vulnerable applications to Remote Command Execution attacks. Exploits of this vulnerabi...
    Vikas Phonsa
    last modified by Robert Dell'Immagine
  • Protect Against Critical IIS 6.0 Buffer Overflow vulnerability (CVE-2017-7269) with Qualys WAF

    Security researchers have disclosed a Buffer Overflow vulnerability (CVE-2017-7269) in the Microsoft Internet Information Service (IIS) 6.0 web server included in Windows Server 2003 R2. Qualys Web Applicatio...
    Vikas Phonsa
    last modified by Robert Dell'Immagine
  • Qualys Web Application Firewall Video Series

    The Qualys Web Application Firewall video series introduces you to some of the key features of Qualys WAF.   New Web Application Firewall Innovations (25 mins) Spot and Patch Web App Vulnerabilities in One...
    Robert Dell'Immagine
    last modified by Robert Dell'Immagine
  • Web Application Firewall

    Web Application Firewall Qualys Web Application Firewall protects web sites against attacks on server vulnerabilities and web app defects; makes it possible to strongly secure web apps against cross-site scripting (XS...
    Robert Dell'Immagine
    last modified by Robert Dell'Immagine
  • WAS Engine 6.6 Released

    Hello all -   WAS Engine 6.6 has been released to all Qualys platforms including private cloud platforms.  This release is part of our ongoing effort to continuously improve the WAS scanning engine.  T...
    Dave Ferguson
    last modified by Dave Ferguson
  • WAS Engine 6.2 Released

    Hello all -   WAS Engine 6.2 has been released to all Qualys platforms including private cloud platforms.  This new release is part of our ongoing effort to continuously improve the WAS scanning engine....
    Dave Ferguson
    last modified by Dave Ferguson
  • New Detection for RCE in Drupal Core 8.5.x and 8.6.x

    Hello all   The Qualys WAS scanning engine has been updated with a new detection for CVE-2019-6340, a remote code execution (RCE) vulnerability in the Drupal CMS.  To exploit this vulnerability, an attacker...
    Dave Ferguson
    last modified by Dave Ferguson