Qualys Offers Free Browser Vulnerability Scan

Qualys announces availability of a free vulnerability scanning service intended to find potential security holes in users' Microsoft Internet Explorer Web browsers, along with advice on how to patch them.

by eSecurity Planet Staff [May 13, 2002]

Qualys, Inc. last week announced availability of a free vulnerability scanning service intended to find potential security holes in end users' Microsoft Internet Explorer Web browsers, along with advice on how to patch them.

Qualys, a managed vulnerability assessment firm based in Redwood Shores, Calif., says the browser scan is intended to mimic a hacker to determine if various vulnerabilities exist in a user's browser. System administrators can employ the service to demonstrate to employees the potential vulnerabilities they face when conducting routine activities such as browsing the Web or shopping online. The scan will also help keep administrators up to date with the latest patches and techniques for addressing security flaws, Qualys says.

Among the vulnerabilities the scan will detect are:

• Cookie disclosure, when hackers gain access to cookies stored on a user's PC and use the information they hold to pose as that user on specific Web sites.
  

• Program execution, which enables hackers to launch applications stored on a user's PC, including viruses installed by the hacker.
  

• Security zone spoofing, enabling a hacker to pose as a "trusted" Web site and download malicious code to a user's machine.

Qualys says nothing is downloaded to a user's machine during its vulnerability scan. If problems are found, Qualyis points users to validated Microsoft patches to fix the vulnerabilities. Users can access the scan at http://browsercheck.qualys.com.

— End