Qualys Adds A Free API To Its SSL Testing Services

Qualys Adds A Free API To Its SSL Testing Services

The California based security vendor Qualys has recently added a public API in its SSL Labs non-commercial SSL security resources to help enterprises to test their own infrastructure for free.

Ivan Ristic, director of engineering at Qualys said, "SSL Labs tests public HTTP service, and if you go there, it tests one server at a time. While that's fine, we've had requests from people who have more than one server"

"If you have more than one server, it's difficult to keep track of all of them, " he added.
Qualys said it is working specifically with organizations such as large infrastructure providers, domain name registrars and certification authorities to better monitor their customers through the API.

Qualys also offers a SSL grading test (Letter A to F) which is designed to show how the service is configured.

Ristic said, "If we give you an A, that means that you're passing and you have decent configuration and good security."

"Of course, if we give you an F, that means there's something seriously wrong, and then you have to work on it. You look at the results and figure out what's wrong and fix it."

"It's always [getting] stricter," Ristic said about the grading system. "We never relax requirements."

Ristic warned, "If you increase the size of your server keys, the connections to your server become slower."

"Most sites do not need military-grade security," he added.

No comments

Powered by Blogger.