www.ironbee.com
Introduction
Qualys is announcing the development of IronBee, a new open source project to build a universal web
application security sensor. Our desire is not only to build the code and the rules, but also to focus on
building a community around the project. In fact, we believe that building the community is the most
important aspect of the project and the only way to ensure that it has a long life.
proxy, command-line (for batch processing), and out-of-process (in which traffic is shipped for
inspection outside the process or server of origin).
Portability
We use abstractions to make the bulk of the code independent from environmental variations.
Porting IronBee to a new environment (e.g., web server or proxy) should require only the
implementation of a very small interface layer that deals with data acquisition.
Modularity
Modularity is important for two reasons. First, new developers should be able to implement their
ideas quickly, without having to understand how the project as a whole works. We will enable this
ease of usage with good APIs and documentation. Second, deployment-time modularity allows
end-users and packagers to customize the sensor to perform well in their own environments.
Powerful functionality
We are not forgetting the users. After all, the product must address the core user needs in order
to be successful. We are going to do this by offering a range of features, each suitable for a
particular requirement. We will equally address security and usability needs with an easy-to-use
configuration language, advanced features for advanced users, and many time-saving features
on a high level of abstraction.
Technical quality
At the end of the day, it is very important that the sensor is of high quality: secure, robust, and
efficient. Our source code is just that, with fully automated cross-platform builds and unit and
regression testing.
Rules
Having a good framework is great, but it is important to couple the framework with an effective rule
set that brings value to users across a broad spectrum:
Complete security coverage
Rules should provide reasonably complete coverage of application security issues.
Effectiveness
Rules should achieve their targets of detecting and preventing attacks, making it impossible (in
some cases) or substantially more difficult (in others) for attackers to succeed.
Low rate of false positives
There should be a minimal and tolerable number of false positives to handle.
Ease of use
Choosing what rules to run, how to respond to events, and how to create exceptions should not
be a burden on administrators.
Documentation
All rules should be well documented, with their purpose, coverage, and side effects clearly
explained.
Traceability
Every rule must be traced back to a need, which will allow users to make an informed decision
about whether that rule is needed in their environment.
Whenever possible, we will aim to remain compatible with existing solutions.
Schedule
Our development roadmap is located in the IronBee wiki. We are not assigning deadlines to milestones,
but, roughly, we are working toward the goal of having a robust version ready by mid-2012.
About Qualys
Qualys, Inc. (www.qualys.com) is the leading provider of on-demand IT security risk and compliance
management solutions delivered as a service. Qualys' Software-as-a-Service solutions are deployed
in a matter of hours anywhere in the world, providing customers with an immediate and continuous
view of their security and compliance postures. The QualysGuard service is used today by more than
3,500 organizations in 85 countries, including 40 of the Fortune Global 100; QualysGuard performs
more than 200 million IP audits per year. Qualys has the largest vulnerability management deployment
in the world at a Fortune Global 50 company. Qualys has established strategic agreements with leading
managed service providers and consulting organizations, including BT, Etisalat, Fujitsu, IBM, I(TS)2,
LAC, SecureWorks, Symantec, Tata Communications, TELUS, and VeriSign.
Copyright 2011-2012 Qualys, Inc. All rights reserved.