Cloud Platform
Contact us
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
  • Overview
  • Platform Apps

  • Qualys Endpoint Security

    Advanced endpoint threat protection, improved threat context, and alert prioritization

  • Context XDR

    Extend detection and response beyond the endpoint to the enterprise

Cloud Security

Qualys Researchers to Present Three Sessions at Black Hat USA 2010

New Research Will Unveil Data on Web Sites’ Malware, Web Application Security and the State of SSL on the Internet

Redwood City, Calif. - July 21, 2010 - Qualys®, Inc., the leading provider of on demand IT security risk and compliance management solutions, today announced that three of its security researchers will each present at Black Hat USA 2010, which takes place July 24- 29 at Caesars Palace in Las Vegas.

**Session:** [BlindElephant: WebApp Fingerprinting and Vulnerability Interfacing](
**Speaker:** [Patrick Thomas](, Information Security Researcher for Qualys
**Date:** Wednesday, July 28 at 3:15 p.m. PT
**Location:** Augustus 5+6 (Malware/+Fingerprinting Track)
**Details** During this session, Thomas will discuss remote web application fingerprinting and illustrate the use of the detection technique on a number of well-known web sites to show what applications and plug-ins are installed and what vulnerabilities reside on these sites. Thomas will describe the new technique with more examples and provide a similar presentation at [DefCon on Friday, July 30 at 2 p.m. PT.](
**Session:** [State of SSL on the Internet: 2010 Survey, Results and Conclusions](
**Speaker:** [Ivan Ristic](, Director of Engineering for Qualys and creator of ModSecurity
**Date:** Thursday, July 29 at 10:00 a.m. PT
**Location:** Forum 24 (Big Picture Track)
**Details** Ristic will unveil the first results of the SSL Survey project, which is the most comprehensive SSL and TLS server configuration survey ever undertaken. In his talk, he will present the assessment methodology, the rationale and the results.
**Session:** [NEPTUNE: Dissecting Web-Based Malware via Browser & OS Instrumentation](
**Speaker:** [Rami Kawach](, Software Architect for Qualys
**Date:** Thursday, July 29 at 3:15 p.m. PT
**Location:** Neopolitan 1+2+3+4 (Reverse Engineering Redux Track)
**Details** NEPTUNE is the code name for a project sponsored by Qualys to build an automatic malware analysis engine and deliver it as a free tool for the industry. In his session, Kawach will walk through two real world examples of web-based attacks and enumerate the APIs necessary to detect and de-obfuscate the attack. Additionally, he will discuss in detail the DETOURS library in comparison with traditional API hooking and compare NEPTUNE’s main strategies for the detection of malware.

In addition, Wolfgang Kandek, Qualys CTO, will participate in the Cloud Security Alliance (CSA) Summit at Black Hat and will co-present with Jeremiah Grossman, CTO of WhiteHat Security, on CSA Application Security Findings. This talk will occur in Forum 25 on Wednesday, July 28 at 11:00 a.m. PT.

The complete presentations and research will be available immediately following each session at the new Qualys Community (, which will also be unveiled during the conference.

Media and analysts interested the latest Qualys data and research or in speaking with Qualys, please email or call (415) 817-2562.

About Qualys

Qualys, Inc. is the leading provider of on demand IT security risk and compliance management solutions – delivered as a service. Qualys’ Software-as-a-Service solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate and continuous view of their security and compliance postures.

The QualysGuard® service is used today by more than 4,000 organizations in 85 countries, including 42 of the Fortune Global 100 and performs more than 500 million IP audits per year. Qualys has the largest vulnerability management deployment in the world at a Fortune Global 50 company.

Qualys has established strategic agreements with leading managed service providers and consulting organizations including BT, Etisalat, Fujitsu, IBM, I(TS)2, LAC, NTT, SecureWorks, Symantec, Tata Communications and TELUS.

For more information, please visit


Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

For media inquiries or to find the appropriate spokesperson
Contact: Melinda Marks
Qualys, Inc.
(650) 801-6242

Contact: Matthew Grant
Schwartz Communications for Qualys
(415) 817-2562

For all other matters

Media Contact:
Tami Casey