Pierluigi Paganini March 21, 2015

Qualys announced the availability of free assessment SSL Labs APIs and a tool that could be used by users to automate SSL vulnerability testing for websites.

The Qualys security firm recently created the Qualys SSL Labs that provided a free tool to conduct free assessment by using its APIs and a new tool that enable SSL Labs users to automate testing activities to search for SSL vulnerability in customers’s websites.

ssllabs-scan is the name of the tool that Qualys SSL Labs provided for free to conduct automated and bulk testing, it is basically an open source command-line scanning tool which is available on Github.

Qualys provided also a set of APIs (SSL Labs APIs), with a full access to the SSL Labs server inspection functionalities, to allow security experts who manage several websites to conduct testing activities.

“SSL Labs APIs expose the complete SSL/TLS server testing functionality in a programmatic fashion, allowing for scheduled and bulk assessment. We are making the APIs available to encourage site operators to regularly test their server configuration.” states the official page of SSL Labs APIs

The intent of the company is to improve testing experience and allow easy detection of any SSL/TLS vulnerability in the processes and software used by users to manage their SSL infrastructures.

“Many organizations struggle to fully understand their exposure to various SSL/TLS security issues, due to the complexities of secure server configuration and constant change and attack disclosure in this space,” said Ivan Ristic, the director of engineering at Qualys.

Some organizations already announced the use of the SSL Labs APIs, according to Qualys, the Czech Republic (CZ) domain registry is one of them and thanks to the APIs will monitor over 1 million domains.

Pierluigi Paganini

(Security Affairs – SSL Labs APIs, Qualys)