New Web Application and Client-Side Application Vulnerabilities Scan Available at >https://sans20.qualys.com
Slough, UK - 28 November, 2007 - Qualys, Inc., the leading provider of on demand vulnerability management and policy compliance solutions, today announced the availability of a free network scanning service to help companies find and eliminate vulnerabilities listed in the annual SANS Top 20 update for 2007 that was announced earlier today. The SANS Top 20 is designed by the SANS Institute and security experts from industry and government to provide organisations with a prioritised list of newly discovered exposures to their networks. Qualys’ free scan for the 2007 SANS Top 20 is available at https://sans20.qualys.com.
“Our list of the Top 20 vulnerabilities exemplifies the most important cyber security risks – the ones that throughout the year have had the highest profile of damage to individuals, corporations and government agencies,” says Alan Paller, Director of Research, SANS Institute. “We are enormously appreciative of Qualys, both for its contributions to the Top 20 research and for making a free testing tool available that indicates whether systems are vulnerable to the Top 20.”
In its seventh year of issuing the Top 20 Internet Security Risks, this year’s SANS list reveals a continued shift from server-side to client-side vulnerabilities, as illustrated by numerous zero-day threats in popular end user applications such as Internet Explorer, Windows Media Player and Adobe. Another rising trend in 2007 is an increase in vulnerabilities relating to web applications such as Wiki’s, portals or those that provide access to backend databases and banking applications. This is due in part to the fact that developing web applications is an intricate process and the combined complexity and flexibility of web development tools, such as Java, .Net, Perl, PHP, Ruby, and others, make it easy for development mistakes to become exploitable security holes. Attackers have increasingly used techniques such as cross-site scripting to exploit not only the information stored within the web application itself but as a launch pad to internal network segments and servers and even end user systems.
“The SANS Top 20 list is an effective tool in helping businesses prioritise their efforts to address the most current and pervasive security vulnerabilities,” said Amol Sarwate, Manager of the Vulnerability Research Lab at Qualys and a returning contributing member to the SANS Top 20. “As a service to our customers and the security community as a whole, Qualys supports the SANS Institute and we are glad to share our research in vulnerability management to help organisations address the increasing threats in client-side and web application vulnerabilities and overall prevention of the most criminal and harmful attacks.”
Sarwate, along with forty-three security experts from government, industry and academia in a half dozen countries cooperated to produce the consensus. Their names are listed in the Top 20 which is available online at www.sans.org/top20\.
Qualys’ on demand model provides customers with immediate vulnerability updates, such as the Top 20 listing, without the need for installing software or providing additional infrastructure. In addition to the free scan, the QualysGuard® service detects new exposures in the SANS Top 20.
Qualys, Inc. is the leading provider of on demand security risk and compliance management solutions. Qualys is the only security company that delivers these solutions through a single Software as a Service platform. QualysGuard® allows organisations to strengthen the security of their networks and conduct automated security audits to ensure compliance with policies and regulations. As a scalable and open platform, QualysGuard enables partners to broaden their managed security offerings and expand their consulting services. Qualys’ on demand solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate view of their security and compliance posture. QualysGuard is the widest deployed security on demand solution in the world, performing over 150 million IP audits per year.
For more information, please visit www.qualys.com.
Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.