Qualys Launches Periscope for Out-of-Band Web App Vulnerability Detection
Qualys has introduced Periscope, a new vulnerability detection mechanism for web applications and REST APIs. It operates independently of the traditional HTTP request-response interaction and focuses on out-of-band vulnerabilities, which can be used to target internal systems.
Periscope, available on several Qualys platforms, can detect vulnerabilities like Blind XXE injection, SMTP Header Injection, and Server-Side Request Forgery (SSRF). It works by fuzzing fields with crafted payloads, capturing DNS lookup requests, and verifying vulnerabilities.
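The correlation step behind that description, sketched as an added example (not Qualys code and not from the original article): each fuzzed field gets a unique token inside a hostname, and logged DNS lookups are mapped back to the field that triggered them. The zone `oob.example.test`, the 16-hex-character token format, the function names and the `timestamp resolver qname` log format are all assumptions, and the sample data is constructed.

```python
import re
import secrets

OOB_ZONE = "oob.example.test"  # hypothetical scanner-controlled DNS zone (assumption)
_QNAME = re.compile(r"(?:^|\.)([0-9a-f]{16})\." + re.escape(OOB_ZONE) + r"\.?$", re.I)

def new_probe(registry, url, field, token=None):
    """Record which URL/field a unique token was sent in; return its callback hostname."""
    token = token or secrets.token_hex(8)  # 16 hex chars, unguessable per probe
    registry[token] = {"url": url, "field": field}
    return f"{token}.{OOB_ZONE}"

def correlate(registry, dns_log_lines):
    """Map logged DNS queries back to the probes that caused them."""
    findings = {}
    for line in dns_log_lines:
        parts = line.split()
        if len(parts) != 3:          # skip malformed log lines
            continue
        ts, resolver, qname = parts
        m = _QNAME.search(qname)
        if not m:                    # query outside the callback zone
            continue
        token = m.group(1).lower()   # resolvers may randomise case (0x20 encoding)
        probe = registry.get(token)
        if probe is None:            # token never issued: ignore, not a finding
            continue
        hit = findings.setdefault(
            token, {**probe, "first_seen": ts, "resolvers": set(), "hits": 0})
        hit["resolvers"].add(resolver)
        hit["hits"] += 1
    return findings

# Constructed sample data: two probes, five log lines in an assumed "ts resolver qname" format.
REGISTRY = {}
new_probe(REGISTRY, "https://app.example.test/import", "xml_body", token="a1" * 8)
new_probe(REGISTRY, "https://app.example.test/contact", "email", token="b2" * 8)
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z 198.51.100.7 a1a1a1a1a1a1a1a1.oob.example.test.",
    "2024-01-01T10:00:01Z 198.51.100.8 A1A1A1A1A1A1A1A1.oob.example.test",
    "2024-01-01T10:00:02Z 198.51.100.7 www.example.test",
    "2024-01-01T10:00:03Z 198.51.100.9 ffffffffffffffff.oob.example.test",
    "truncated-line",
]

if __name__ == "__main__":
    for token, hit in correlate(REGISTRY, SAMPLE_LOG).items():
        print(hit["url"], hit["field"], hit["hits"], sorted(hit["resolvers"]))
```

A matched lookup shows only that something resolved the name: the logged source address is usually a recursive resolver rather than the application server, so a hit is a lead to verify, not proof on its own.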
Organizations can use Periscope to gain deeper insights into their web application vulnerabilities, driving remediation efforts and reducing risk. This method resembles other Out-of-Band Application Security Testing methods, avoiding disruption to the production environment.
Periscope's unique approach to vulnerability detection is now available on Qualys platforms, including EU1, EU2, US1, US2, US3, and IN1. Its effectiveness was demonstrated in a 2019 data breach against a U.S. bank, where it detected an SSRF vulnerability.