As you are all more than aware, in just 3 weeks' time, on the 20th October 2009, the RSA Security Bloggers Meet Up will be taking place at the Fountains Abbey in London. This event would not be a success without our sponsors, and we are proud to have Qualys as a confirmed sponsor.

If for some reason you're not familiar with Qualys, here is some information on what they are about and what they have to offer.

Qualys

Qualys® provides the technology that organizations of all sizes need to cost-effectively ensure that their business-technology systems and applications remain highly secure and within regulatory compliance. In recent years, the demands on companies and government agencies to keep their networks and applications secure from attacker exploits that threaten the security of their proprietary information—and the information they hold about their customers—have skyrocketed. Not only has the dependence on IT systems increased for nearly every business, but so have the financial motivations of criminals to breach those systems and applications.

The result is an increase in the sophistication of attacks that jeopardize the confidentiality, integrity, and availability of applications, data, and critical business networks. At the same time, the demands of regulatory compliance have risen dramatically, affecting nearly every organization—from small Internet merchants to multinational corporations.

Through its Software-as-a-Service (SaaS) IT security risk and compliance management solutions, Qualys makes it possible for organizations to strengthen the security of their networks and conduct automated security audits that ensure regulatory compliance and adherence to internal security policies. Qualys is the only security company that delivers these solutions through a single SaaS platform that it pioneered back in 1999—QualysGuard®. All of Qualys’ SaaS solutions can be deployed on demand within hours anywhere around the globe, providing customers an immediate view of their security and compliance posture. As a result, QualysGuard is the most widely deployed security-on-demand solution in the world, performing more than 200 million audits per year.

Qualys attributes its phenomenal growth over the past 10 years to its customers, who have recognized the benefits of the SaaS model and have embraced it at the heart of their IT security and compliance efforts.

QualysGuard Security and Compliance SaaS Suite

The QualysGuard Security and Compliance Suite is comprised of the following products, all of which are delivered as a service with no new software to deploy or infrastructure to maintain:

– QualysGuard Vulnerability Management—Qualys’ full lifecycle solution for discovering all devices and applications across the network, while identifying and mitigating vulnerabilities that make network attacks possible.

– QualysGuard Policy Compliance—Qualys’ IT compliance solution helps organizations automate the collection of compliance data from systems and applications and tie it to corporate security policies, laws and regulations, enabling them to satisfy the requirements of internal and external auditors.

– QualysGuard Web Application Scanning (WAS)—Qualys’ WAS provides automated crawling and testing for custom web applications to identify and remediate cross-site scripting and SQL injection vulnerabilities. The automated nature of the service enables regular testing that produces consistent results, reduces false positives and easily scales for large numbers of web sites.

– QualysGuard PCI Compliance—Qualys’ PCI compliance application dramatically streamlines the PCI compliance process. QualysGuard PCI provides small and medium-sized businesses with enterprise-level scanning and reporting, while enabling large corporations to facilitate PCI compliance on a global scale.

The Pioneer in SaaS Security Solutions

Qualys was founded at the height of the technology bubble, in 1999, when network security was just beginning to appear on the agendas of executive management meetings around the globe. The company launched QualysGuard in December 2000, making Qualys among the first entrants in the vulnerability management market. QualysGuard moved to market with a powerful combination of its highly accurate and easy-to-use scanning technology and a revolutionary new approach to delivering security applications, which now is called “Software-as-a-Service.”

Early skeptics of Qualys’ SaaS delivery of security applications now embrace the on-demand power and flexibility of SaaS and credit it with changing the economics of security while also helping to drive further consolidation among large, legacy software vendors. Cloud computing and SaaS are entering the mainstream, with security vendors of all sizes flocking to adopt this new disruptive model as it provides superior technical capabilities and significant economic advantages over enterprise software solutions.

Philippe Courtot, CEO and Chairman of Qualys, is one of the few entrepreneurs who believed in the SaaS model and pioneered it at Qualys for delivering enterprise security applications. In his keynote at RSA Europe 2009, Courtot will discuss the impact of cloud computing on the IT industry and the changes it brings to the enterprise security landscape and to security professionals.

RSASBM09

The RSA Security Bloggers Meet Up is only 3 weeks away, so if you're a security blogger, reporter or media type and want to attend, don’t forget to email bloggermeetup[at]securityactive.co.uk to register your attendance; there are only 50 spaces.

The venue for this event is The Fountains Abbey in London, just down the road from the Hilton Metropole where the conference is happening. We will be there from 7:30 PM onwards in the upstairs meeting room, on the 20th October 2009.

If you're looking to sponsor the event there is still a short amount of time remaining to get involved (payments need to be received by the 14th October 2009); get in touch at the above email address if you're interested.

See you there, it should be fun.

We are proud and grateful to have the following organisations sponsoring this event:

Qualys

IronKey

ISACA

This is the second of my 3 videos recorded at BruCon 2009.
This is the excellent presentation from Chris Gates on Open Source Information Gathering.

Abstract: This talk is about using the current open source tools to generate a detailed target footprint for a blackbox penetration test. Suppose for our penetration test we are given nothing but a domain name. Client-side and Social Engineering attacks are in scope, but we’re on our own to come up with all the information needed to execute those attacks (just like a real attacker would be required to do). The days of running Sam Spade or simply querying a whois server for the totality of your information gathering are dead. We need to leverage all the information freely available to us on the net to build both our network attack list as well as our client attack list. This information includes network ranges, hidden company affiliations, hostnames, DNS information, public documents with their metadata and email addresses for client-side attacks.

Also, to learn more about Chris and what he's up to, check out his website.

Chris Gates – Open Source Information Gathering – BruCon 2009 from Dale Pearson on Vimeo.

Presentation Slides – Click Here

:: Please do not copy this video without written permission of Security Active or Chris Gates | Linking to is fine ::

This is the first of my 3 videos recorded at BruCon 2009.
This is the excellent presentation from Jayson E. Street on Dispelling the myths and discussing the facts of Global Cyber-Warfare.

Abstract: There is a war being raged right now. It is being fought in your living room, in your dorm room, even in your board room. The weapons are your network and computers, and even though it is bytes not bullets whizzing by, that does not make the casualties less real. We will follow the timeline of Informational Warfare and its impact today. We will go deeper, past the media hype and common misconceptions, to the true facts of what's happening on the Internet landscape. You will learn how the war is fought, who is fighting, and who is waiting on the sidelines for the dust to settle before they attack.

Jayson has an excellent book coming out called “Dissecting the Hack: The Forbidden Network”.

Also, to learn more about Jayson and where he is talking, check out his website.

Jayson E. Street – Dispelling the myths and discussing the facts of Global Cyber-Warfare – BruCon 2009 from Dale Pearson on Vimeo.

Presentation Slides – Click Here

:: Please do not copy this video without written permission of Security Active or Jayson E. Street | Linking to is fine ::

I blogged about this before, but it's now officially available. Check it out and donate - http://www.offensive-security.com/metasploit-unleashed/

METASPLOIT UNLEASHED – MASTERING THE FRAMEWORK

This free information security training is brought to you in a community effort to promote awareness and raise funds for underprivileged children in East Africa. Through a heart-warming effort by several security professionals, we are proud to present the most complete and in-depth open course about the Metasploit Framework.

This is the free online version of the course. If you enjoy it and find it useful, we ask that you make a donation to the HFC (Hackers For Charity), $4.00 will feed a child for a month, so any contribution is welcome. We hope you enjoy this course as much as we enjoyed making it.

The “full” version of this course includes a PDF guide (it has the same material as the wiki) and a set of flash videos which walk you through the modules. You may purchase these materials from the Offensive Security Training page. All proceeds from this course go to HFC.


Well, I am back from BruCon, and what can I say, it was excellent. Benny and Co did a fantastic job of setting up and running the Conference, and I am sure an excellent time was had by all. Great to see faces old and new, listen to some great speakers, attend some great workshops and spend some excellent time with cool people drinking excellent beer :)

If you're not sure what I am on about, check out http://brucon.org for more information.

I have recorded a couple of videos that I will be posting over the coming few weeks (due to Vimeo restrictions), so check back to the blog for presentations from Jayson Street, Chris Gates and Chris Nickerson.

If you want some detailed posts on some of the presentations as they went on check out Chris Riley’s Blog (he has a time machine, so he could blog about them before the speaker even knew what they were saying).

Also check out Help Net Security for some official press material of the event.

So to all those I met and enjoyed the company of (you know who you are), thanks for a great one and see you soon.

Couple of pics, even some Kiosk hacking and Craig Balding talking about Cloud Security :)