• The Four Hundred
    Qualys Launches Open Source Web App Firewall Project

    February 22, 2011 Alex Woodie

    Qualys last week unveiled IronBee, a new open source Web application firewall (WAF) project. The goal of the project is to leverage the open source community to build a high-performance WAF that can protect users against the latest security threats to Web applications. The software will feature a liberal license and will be free to anybody.

    Security on the Web continues to be a giant concern for everybody who does business on the public Internet. And while many organizations are vaguely aware there’s some kind of problem going on out there, there is far too little actively being done about it.

    How bad is it? According to the recently released “State of Application Security Survey” by the Ponemon Institute, nearly three-quarters of organizations have been hacked at least once via insecure Web applications during the last two years. One of the problems highlighted by the study was that about 70 percent of organizations rely on old-school network firewalls to protect them, instead of investing in modern WAFs that can identify recent attack methods.

    But the most appalling statistic from the Ponemon study may be this: 88 percent of organizations spend more money on coffee than on securing their Web applications.

    The IronBee project won’t change that last statistic, since the goal of the project is to make a strong WAF available to anybody, free of charge. But if the project gets enough support from the application development and security communities, it can certainly lower the bar of entry into the WAF product category, and possibly stem the free flow of money and data from the world’s insecure Web apps into the hands of cyber criminals.

    In its introductory white paper Qualys says its goal with IronBee is to create a “universal application security sensor.” In other words, it wants a flexible WAF framework upon which users can customize their specific rules and restrictions, and upon which software vendors can build commercial open source products.

    IronBee will offer several WAF deployment modes, including passive, embedded, reverse proxy, command line (for batch processing), and out-of-process. Capabilities that will become part of IronBee include virtual patching, application hardening, real-time security monitoring, continuous passive monitoring, and protection against known exploits.

    The first IronBee build is complete, and Qualys is ready to take it to the next level. There is still a lot of work left to be done, and Qualys hopes that taking the next steps together with the open source community is the best way to create a powerful and universally acceptable WAF solution. The goal is to have a production-ready version of IronBee by year’s end.

    Web application security requires a community approach, according to Qualys CEO and chairman Philippe Courtot. “It is quite obvious that no single company alone can fight the sophistication of attacks we are now facing,” Courtot states in a press release. The IronBee project will “leverage the collective intelligence of the community to develop a cloud-based WAF with a diverse rule set that can help protect us all against cyber attacks.”

    One of the first backers of IronBee is Akamai, the inventor of network resiliency technology that is the best friend of every high-volume e-business website. Akamai vice president of product development John Summers says the two companies share a vision “that Web security must evolve to become an intercommunicating ecosystem of controls located both in the cloud and within the user’s infrastructure.” Amen to that.

    For more information, see www.ironbee.com.




Volume 11, Number 7 -- February 22, 2011
Copyright © 2025 IT Jungle