A new open source Web Application Firewall (WAF) project called IronBee was released this week. The launch means an alternative approach to ModSecurity, which has helped lead the WAFs charge to date.
Spearheaded by Qualys security researcher Ivan Ristic, the IronBee project has already gained the interest of content delivery network vendor Akamai.
Ristic stressed that the IronBee project has been started from scratch, which also represents a key opportunity for the effort to develop an entirely new type of WAF. The IronBee project is starting off with at least three full-time developers that are being funded by Qualys with the hope that more developers will join the project soon.
One possible implementation of IronBee under consideration is as a network sniffer.
According to Ristic, a barrier to adoption for WAFs to date has been that they’re costly, which has limited their deployment.
“I don’t believe we’ve achieved what needs to be achieved in terms of availability of WAFs,” Ristic said. “So what Qualys is doing is funding development of a brand new project and the whole goal is to focus on the community side first and technical issues second.”
Get more details on the release of IronBee in eSecurity Planet’s report.