Qualys Announces Free Online SSL Test for Businesses to Audit the SSL Implementation of Their Web Sites

New Research Introduced at Black Hat USA 2010 Unveils State of SSL on the Internet

Black Hat, Las Vegas, NV - July 29, 2010 - Qualys®, Inc., the leading provider of on demand IT security risk and compliance management solutions, today announced a free online SSL test for web sites at Qualys SSL Labs, a site dedicated to providing resources for successfully using SSL to secure web sites and online transactions. The free online SSL test examines a web site’s SSL certificate chain to ensure it is trusted and serves as a good security foundation for communications over the Internet. In conjunction with this release, the findings of research conducted over the past year studying about 120 million registered domain names using more than 800,000 SSL certificates will be presented in a live session today at Black Hat USA 2010.

SSL is a security protocol that protects Web sites by enabling encryption of sensitive information during online transactions. While it is a valuable protocol, implementations can have issues, including problems with configurations and certificate validations, which render SSL useless, jeopardizing security on the Internet. Qualys SSL Labs and the new online SSL test help any user, whether technical or not, evaluate their SSL implementations to better utilize SSL and protect their sites from possible attacks.

“SSL is a successful protocol that serves as the security backbone of the Internet, but most sites just don’t have it well configured,” said Ivan Ristic, director of engineering for Qualys and creator of SSL Labs. “Qualys SSL Labs is a non-commercial research effort focused on understanding how SSL is used as an attempt to make it better and help users everywhere configure it and use it properly.”

The new free online test lets a user test a web site’s SSL certificate chain to ensure it is trusted and serves as a good security foundation for communication over the Internet. It also performs comprehensive configuration analysis to detect configuration weaknesses and performance issues. Users simply enter the web site domain name, and the test will assess any server behind the domain. The test results include a numerical score, grading the SSL server across several categories, as well as a letter grade that rates the SSL configuration. To improve a score, guidelines and resources for improved SSL use are available at Qualys SSL Labs.

A final numerical score from 0 to 100 and a letter grade are provided at the end of the test, indicating the strength of the SSL implementation on the web site being tested.

“Our aim at SSL Labs is to discuss the rarely mentioned aspects of SSL, promote its correct usage, and generally inspire everyone to do their part to promote security,” Ristic said.

Highlights of the research that will be discussed in detail at the Black Hat USA talk include:

  • Only a tiny portion of all sites use SSL
  • Only 70 percent of certificates are valid
  • Half of all sites support the insecure SSLv2 protocol
  • About 38 percent of SSL sites are well configured; 62 percent are not
  • About 32 percent of sites still suffer from the renegotiation vulnerability

Availability

Ivan Ristic will introduce the new online SSL tool and discuss his research of SSL certificates across the globe in a session at Black Hat USA 2010 on July 29 at 10am PDT.

To learn more about SSL and to use the new free SSL testing tool, visit: https://www.ssllabs.com/. To discuss or provide feedback on the SSL test with other users, visit the Qualys Community at: http://community.qualys.com/community/ssllabs.

About Qualys

Qualys, Inc. is the leading provider of on demand IT security risk and compliance management solutions – delivered as a service. Qualys’ Software-as-a-Service solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate and continuous view of their security and compliance postures.

The QualysGuard® service is used today by more than 4,000 organizations in 85 countries, including 42 of the Fortune Global 100 and performs more than 500 million IP audits per year. Qualys has the largest vulnerability management deployment in the world at a Fortune Global 50 company.

Qualys has established strategic agreements with leading managed service providers and consulting organizations including BT, Etisalat, Fujitsu, IBM, I(TS)2, LAC, NTT, SecureWorks, Symantec, Tata Communications and TELUS.

For more information, please visit www.qualys.com.

###

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

For all other matters
Contact: pr@qualys.com

Media Contact:
Tami Casey
Qualys
media@qualys.com