New APIs and New Free Open Source Tool Enable Security Professionals to Automate Website Testing for SSL Vulnerabilities
REDWOOD CITY, Calif. – March 17, 2015 – Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud security and compliance solutions, today announced that Qualys SSL Labs now includes free assessment APIs, accompanied by a free open source tool that can be used for bulk and automated testing of websites. These new enhancements provide the same results as those obtained manually on SSL Labs, while enabling security professionals managing several websites to consolidate testing, detect changes in results and receive notifications on certificate expiration.
Today’s infrastructure is complex and highly dynamic. There are often various changes that can happen, such as software updates that can reset parts of the configuration, which provides an opportunity for websites to be introduced to vulnerabilities. Qualys SSL Labs helps any user evaluate their SSL implementations to better utilize SSL and protect their sites from possible attacks.
“Our customers’ security is our top priority,” said David Rockvam, vice president marketing, Entrust. “With this API, we can regularly check to ensure their ongoing safety and keep their businesses running smoothly. This will substantially improve the overall security of our customers.”
The new features within SSL Labs include:
Server Assessment APIs give full access to the SSL Labs server inspection functionality, allowing programmatic invocation for any number of hosts. The availability of the APIs allow system operators to integrate SSL Labs assessment with their security policies and perform frequent automated checks.
Open Source Command-Line Tool is intended for use by those who don’t wish to program against the APIs. Written in Go, it also doubles as a reference client for the APIs, providing those who wish to integrate them into other projects. The APIs have already been integrated by other open source efforts in .Net, Perl, and Ruby.
“Many organizations struggle to fully understand their exposure to various SSL/TLS security issues, due to the complexities of secure server configuration and constant change and attack disclosure in this space,” said Ivan Ristic, director of engineering, Qualys, Inc. “By offering free API access, we are enabling our users to automate website testing and regularly check their configuration in order to ensure websites are secure and protected from SSL vulnerabilities.”
Qualys is also working with domain name registrars, certification authorities, and large infrastructure providers to help verify the security of their customers. For example, the CZ Domain Registry is planning to use the new APIs to monitor the security of more than 1 million names they have in their domain space.
About SSL Labs
SSL Labs is a free online service that performs deep analysis of the configuration of any SSL web server on the public Internet. In addition, the site includes a collection of documents and tools related to SSL to help organizations collaborate and better understand SSL. In recent years, SSL Labs became the de-facto standard for SSL/TLS configuration assessment and performs hundreds of thousands of scans every month. For more information on the new API service, please visit Qualys SSL Labs.
About Qualys, Inc.
Qualys, Inc. (NASDAQ: QLYS) is the pioneer and leading provider of cloud security and compliance solutions with over 7,700 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The Qualys Cloud Platform and integrated suite of solutions help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, Accuvant, BT, Cognizant Technology Solutions, Dell SecureWorks, Fujitsu, HCL Comnet, InfoSys, NTT, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA) and the Council on CyberSecurity. For more information, please visit www.qualys.com.
Qualys and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.
LEWIS PR on behalf of Qualys