July 8th, 2008
The importance of Ratproxy
Most journalists are treating Google’s release of Ratproxy, a “largely passive web application security audit tool,” as an excuse for a lame joke.
It’s a lot more than that. (Picture by Ratproxy developer Michal Zalewski. Ratproxy needs a mascot; Caturday is a good candidate.)
First, this is an important capability which every Webmaster and Web host should have in the ongoing battle with script kiddies and serious criminals.
In a way it’s a server-side anti-viral, aimed at catching injections of malware as they happen. Thus any Web host which wants to be honest and fight the bad guys can, proactively and in the background.
The software detects and annotates a broad range of nastiness, allowing security officers to analyze things at their leisure.
That’s the free-as-in-beer benefit.
But there is more: because Google released it under the Apache 2.0 license, it can quickly be adapted and improved by commercial providers and by enterprises frightened of the GPL’s code-sharing requirements.
Contributions can be maintained in-house if an enterprise insists, and the capabilities can even find their way into proprietary products. It can be inserted into standard enterprise security services from IBM and others.
This means the capabilities of Ratproxy could quickly become ubiquitous, a standard feature in web hosting systems and enterprise stacks. It provides a base for enhancements, under open source, so script kiddies can’t hide.
Within months you’ll be able to ask whether a system is running Ratproxy and, if not, why not. That may prove a hard question to answer for a business that is pretending to be honest when it’s not, because there will be no excuses.
You will also enjoy a visit to the secret lair of the software’s developer, Michal Zalewski. He does accept fan mail. He deserves some.
Dana Blankenhorn has been a business journalist for 30 years, a tech freelancer since 1983.