OWASP - SSL advanced forensic tool is an easy-to-use tool for checking various SSL/TLS-related configurations, behaviours and vulnerabilities. It’s a standalone tool and can be used in closed and very restricted environments.
Currently the tool is developed and maintained by a very small team. There is just enough time to keep the checks up to date, accommodating new vulnerabilities, behaviours, etc.
The Working Session will focus on the internal redesign and some improvements the tool needs to bring full power to its users.
- Improve checking of certificates
- Implement state-of-the-art checking of OCSP
- Improve checking of DH parameters and EC parameters
- Write post-processors for formatting the output; a lot of code is already there, it needs to be extracted into new tools
- Implement fuzzing features using TLS-attacker
- Build a test suite, run automated tests
- Build a sophisticated knowledge database with search capabilities (probably using Python NLTK)
- Is there a need for a GTK-based GUI (i.e. using YAD)?
The target audience for this Working Session is: