REDWOOD CITY, CA--(Marketwired - Mar 17, 2015) - Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud security and compliance solutions, today announced that Qualys SSL Labs now includes free assessment APIs, accompanied by a free open source tool that can be used for bulk and automated testing of websites. These new enhancements provide the same results as those obtained manually on SSL Labs, while enabling security professionals managing several websites to consolidate testing, detect changes in results and receive notifications on certificate expiration.
Today's infrastructure is complex and highly dynamic. There are often various changes that can happen, such as software updates that can reset parts of the configuration, which provides an opportunity for websites to be introduced to vulnerabilities. Qualys SSL Labs helps any user evaluate their SSL implementations to better utilize SSL and protect their sites from possible attacks.
"Our customers' security is our top priority," said David Rockvam, vice president, marketing, Entrust. "With this API, we can regularly check to ensure their ongoing safety and keep their businesses running smoothly. This will substantially improve the overall security of our customers."
The new features within SSL Labs include:
-
Server Assessment APIs give full access to the SSL Labs server inspection functionality, allowing programmatic invocation for any number of hosts. The availability of the APIs allow system operators to integrate SSL Labs assessment with their security policies and perform frequent automated checks.
-
Open Source Command-Line Tool is intended for use by those who don't wish to program against the APIs. Written in Go, it also doubles as a reference client for the APIs, providing those who wish to integrate them into other projects. The APIs have already been integrated by other open source efforts in .Net, Perl, and Ruby.
"Many organizations struggle to fully understand their exposure to various SSL/TLS security issues, due to the complexities of secure server configuration and constant change and attack disclosure in this space," said Ivan Ristic, director of engineering, Qualys, Inc. "By offering free API access, we are enabling our users to automate website testing and regularly check their configuration in order to ensure websites are secure and protected from SSL vulnerabilities."
Qualys is also working with domain name registrars, certification authorities, and large infrastructure providers to help verify the security of their customers. For example, the CZ Domain Registry is planning to use the new APIs to monitor the security of more than 1 million names they have in their domain space.