Security Company Leverages SSL to Protect Web Application Mashups

A startup is pushing a protocol based on Secure Sockets Layer encryption that enables Web applications to securely authenticate each other before mashing up.

The company, SafeMashups, is taking on a problem others have tried to solve using proprietary cryptography. Rather than take that approach, SafeMashups is using its MashSSL protocol-based on the time-tested cryptography of SSL-to enable applications to mutually authenticate via secure communication through the browser.

The company’s MashSSL standard has been designed to be implemented in RESTful fashion to optimize Web application interactions. With that as a foundation, the company is offering the MashSSL Web Toolkit, which enables developers to integrate MashSSL into any application, as well as the free SafeMashups Community service, which allows organizations to maintain lists of partners and applications they are willing to mash with.

“As a cryptographer, I can tell you that the only good crypto is really old crypto,” said Ravi Ganesan, CEO of SafeMashups. “Unfortunately it’s not a science; it’s an art. And the only way we know to trust protocol is [if] a lot of smart people have looked at it for five, 10 years and not been able to break it.”

Web applications mashing through a browser use the MashSSL Web Toolkit in conjunction with their existing SSL certificates. The process is invisible to the user, and there are no client downloads or any changes required to the browser. Enterprises that want to integrate the MashSSL Web Toolkit into their Web applications can obtain it under a perpetual royalty-free license, according to the company.

“Our target audience is the technology suppliers, people who supply [related] technology to enterprises, and the certificate authorities, because at the end of the day this is going to vastly increase the number of SSL certificates because people are going to find a lot more uses for it,” Ganesan said.

Right now, SafeMashups is part of The University of Texas at San Antonio’s Institute for Cyber Security’s Incubator program. The company remains under incubation at the Institute for Cyber Security at UTSA and is considering spinning out with external funding for accelerated growth by the end of the year.