REDWOOD CITY, Calif., July 25, 2013 – Qualys®, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud security and compliance solutions, today announced that its researchers will present at Black Hat USA 2013, Security B-Sides Las Vegas and DEF CON sessions next week in Las Vegas, Nev. The sessions include the release of a new policy to prevent cross-site request forgery (CSRF) attacks of web sites, research on surveillance camera vulnerabilities that allow hackers to take control of video feeds, and release of a new tool to help identify web application bottlenecks.
At Black Hat USA 2013, taking place in Caesar’s Palace, July 27-August 1, Qualys researchers will present:
|**SESSION:**||[Dissecting CSRF Attacks & Countermeasures](http://www.blackhat.com/us-13/briefings.html#Shema)|
|**DATE:**||Thursday, Aug. 1 at 11:45 a.m. PT|
|**SPEAKERS:**||Mike Shema, director of engineering, Qualys Vaagn Toukharian, principle engineer for Qualys|
|**OVERVIEW:**||CSRF is a type of malicious exploit against a website where unauthorised commands are executed from a user that a website trusts. This session includes a demonstration of attacks and countermeasures, and proposes a new header-based policy to prevent CSRF attacks. The solution focuses on simplicity to make it easier to retrofit current website applications.|
Security B-Sides Las Vegas, taking place at The Tuscany Suites and Casino, July 31-August 1, will feature:
|**SESSION:**||You Are Being Watched!|
|**DATE:**||Wednesday, July 31 at 11:00 a.m. PT|
|**SPEAKER:**||Bharat Jogi, vulnerability engineer, Qualys|
|**OVERVIEW:**||Wireless IP-connected video cameras serve as eyes inside the halls of thousands of corporate offices and homes. But it turns out that these surveillance devices are open to remote attacks. Qualys researcher Bharat Jogi will talk about how he uncovered holes in a popular network video recorder system, and how these vulnerabilities can be exploited to remotely control the camera feeds.|
DEF CON, taking place at the Rio Hotel, August 1-4, includes:
|**SESSION:**||HTTP Time Bandit|
|**DATE:**||Friday, August 2 at 2:20 p.m. PT|
|**SPEAKERS:**||Vaagn Toukharian, principle engineer, Qualys Tigran Gevorgyan, engineering manager, Qualys|
|**OVERVIEW:**||While web applications have become richer to provide a higher level user experience, they run increasingly large amounts of code on both the server and client sides. A few of the pages on the web server may be performance bottlenecks. This session presents a tool to identify weaknesses and the most resource consuming pages of applications.|
Also next week at Black Hat, Qualys will showcase security leaders from global organisations, including Adobe, Australia Post and Daimler AG, sharing security best practices in the Qualys booth (#401) at the conference. For the full booth schedule, visit: www.qualys.com/blackhat.
Qualys, Inc. (NASDAQ: QLYS), is a pioneer and leading provider of cloud security and compliance solutions with over 6,000 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The QualysGuard Cloud Platform and integrated suite of solutions help organisations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organisations worldwide. The company is also a founding member of the Cloud Security Alliance Security Alliance (CSA).
For more information, please visit www.qualys.com.
Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.