contents

business
 
Free Qualys Security Scan Available for the New SANS Top 20

Qualys announces the availability of a free network scanning service to help companies find and eliminate vulnerabilities listed in the annual SANS Top 20 update for 2007 that was announced earlier yesterday. The SANS Top 20 is designed by the SANS Institute and security experts from industry and government to provide organizations with a prioritized list of newly discovered exposures to their networks.

In its seventh year in issuing the Top 20 Internet Security Risks, this year's SANS list reveals a continued shift from server-side to client-side vulnerabilities, as illustrated by numerous zero-day threats in popular end user applications such as Internet Explorer, Windows Media Player and Adobe. Another rising trend in 2007 is an increase in vulnerabilities relating to Web applications such as wikis, portals or those that provide access to backend databases and banking applications. This is due in part to the fact that developing Web applications is an intricate process, and the combined complexity and flexibility of Web development tools, such as Java, .Net, Perl, PHP, Ruby, and others, make it easy for development mistakes to become exploitable security holes. Attackers have increasingly used techniques such as cross-site scripting to exploit not only the information stored within the Web application itself, but as a launch pad to internal network segments and servers, and even end user systems.

Qualys' on demand model provides customers with immediate vulnerability updates, such as the Top 20 listing, without the need for installing software or building out additional infrastructure. In addition to the free scan, the QualysGuard service detects new exposures in the SANS Top 20.



write your comments about the article :: © 2007 Computing News :: home page