A few weeks ago we released TLSSLed v1.0 with the goal of helping organizations test their SSL/TLS (HTTPS) implementation for common flaws and misconfigurations. Today we are releasing an updated version, v1.1, which includes some additional tests.
The new tests check the certificate public key length, the certificate subject and issuer (CA), and the validity period. Beyond the certificate, they focus on the presence of security-related HTTP headers on the target website's main page (retrieved with the HTTP/1.0 HEAD method), such as Strict-Transport-Security, and on cookies set with and without the "secure" flag.
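The header side of these checks can be sketched as follows. This is an added example, not code taken from TLSSLed: it parses an already captured HEAD response and reports the Strict-Transport-Security header and any cookies set without the "secure" attribute. The function names and the sample response are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of a HEAD response (illustrative, not real server output).
SAMPLE_RESPONSE='HTTP/1.1 200 OK
Date: Sun, 10 Jul 2011 10:00:00 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: SESSIONID=abc123; Path=/; Secure; HttpOnly
Set-Cookie: lang=en; Path=/
set-cookie: tracking=xyz; path=/; httponly
Content-Type: text/html'

# Print the HSTS header value; return 1 if the header is absent.
# Header names are matched case-insensitively and CRs are stripped.
hsts_value() {
    printf '%s\n' "$1" | tr -d '\r' | awk '
        /^$/ { exit }                      # end of the header block
        tolower($0) ~ /^strict-transport-security:/ {
            sub(/^[^:]*:[ \t]*/, ""); print; found = 1; exit
        }
        END { exit !found }'
}

# Print the name of every cookie that is set without the "secure" attribute.
# Attributes are compared from the second field on, so a cookie that is
# merely *named* "secure" is not mistaken for the flag.
cookies_without_secure() {
    printf '%s\n' "$1" | tr -d '\r' | awk '
        /^$/ { exit }
        tolower($0) ~ /^set-cookie:/ {
            line = $0; sub(/^[^:]*:[ \t]*/, "", line)
            n = split(line, attr, ";")
            secure = 0
            for (i = 2; i <= n; i++) {
                a = tolower(attr[i])
                gsub(/^[ \t]+|[ \t]+$/, "", a)
                if (a == "secure") secure = 1
            }
            name = attr[1]; sub(/=.*/, "", name)
            if (!secure) print name
        }'
}

# Report on the constructed sample.
if hsts=$(hsts_value "$SAMPLE_RESPONSE"); then
    echo "Strict-Transport-Security: $hsts"
else
    echo "Strict-Transport-Security: header missing"
fi
echo "Cookies set without the secure flag:"
cookies_without_secure "$SAMPLE_RESPONSE" | sed 's/^/  /'
```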
TLSSLed v1.1 can be downloaded from Taddong's lab.
Future versions of the tool are open to improvements and new tests. Do not hesitate to contact me with ideas!
Sunday, July 10, 2011