Qualys, Inc. just recently announced IronBee,  a new open source web application firewall project.

The project appears to be funded mainly by Qualys, Inc, but Akamai also appears to have some influence based on the press release published on Feb 14, 2011.

This new project is led by some of the same folks that originally developed ModSecurity, but appears to be more focused towards widespread usability and a “cloud” or Software as a Service design.

Why WAF?

Web Applications Firewalls (WAF’s) are not used nearly enough where they could be helpful to block web application vulnerabilities.

When I have discussed the non-usage of WAF”s with various folks that manage webservers, their answer was that they added another layer of complexity they did not want to manage.

IronBee seems to be answering many of the issues folks have had with WAF’s by offering…

• Ease of implemenation
• Portability of rules
• Flexibility of implementation

There are many reasons to use a WAF, and projects such as IronBee are reducing the reasons not to use one.

The Business of Web Application Security

• I can see Akamai using IronBee as part of their WAF solution offered to customers.The flexibility of implementation may save them costs over their current WAF solutions.

• Companies like Qualys  could offer a cloud based WAF like IronBee to help protect the customers that are already using their vulnerability scanning services.

• Web Hosting providers like RackSpace or GoDaddy could more easily offer a WAF like IronBee as a default part of their service, or charge a slightly higher fee to protect your website with a WAF. This concept is already being used with HyperGuard on Amazon Web Services.

I’ll be keeping track of the IronBee project, and possibly offering help where I can.

Let’s face it, a computing platform is only as usable for consumers as the applications that ride on top of it.  Below I explain my logic on why have chosen certain platforms over others.

Mobile Computing – Iphone

http://www.apple.com/iphone/

Application availability.

I am not an “Apple person”, but the iphone is the “anti Macintosh” to me. (The iphone has good pricing and App availability, the Macs demand a premium price with less apps available.)

Over 50,000 applications available for the iphone.  How many applications are available on the other phones? I don’t know, but I know it isn’t even close to how many the iphone has available. And the pricing for apps is reasonable. It’s going to be a while before other platforms catch up. I think there will be better competition in the future, but for now, I’m sticking with the iphone.

Firefox

Plugins!!!

Mozilla has made it easy to develop plugins for Firefox. I don’t particularly like the browser itself any better than IE8 or Safari. However, the abundant plugins available and extra functionality it provides in the browser is unbeatable by the other browsers right now. As browsers become more of an application platform, this may become an even bigger selling point.

Browser developers like Google, Microsoft & Apple need to ensure their plugin development environments are easy to use for developers, and facilitate stable functionality.

Windows 

Apps Everywhere!

Disclaimer, I’ve managed Microsoft systems for years. So I could have some bias here.

Don’t get me wrong, it has not been an easy road. Microsoft is just now maturing their utilities to the point where you can manage large amounts of their machines without having to write your own code using their API’s. (which is what I had to do for years) I’ve had more 36 hour days fixing my Microsoft systems issues than most people have had 12 hour days at work. I don’t even remember having a life my first few years at work.

Some things that Microsoft does do well is listening to customers, and trying to make it easy for people to develop applications for their platforms.  A few years ago there seemed to be a tipping point where you saw applications that had only been available on Apple being ported over to work on Windows. That seemed to be the point where the demand for Windows applications was so large that enterprises and consumers were demanding apps be available for Windows, and they got what they wanted.

I have confidence I can go out and get (either free or purchase) any type of application that I need to work on the Windows platform. Mac & Linux really just don’t have the same volume or variety of apps available.

Summary

To summarize, the success of computing platforms depends on demand for that platform. I feel that one of the main factors for driving the demand of those platforms is application availability.

My advice to companies is to focus on making application development for their platform so easy that anybody can do it, while protecting the system from poorly designed apps.