Penetration Testing mailing list archives
Re: TLS implementation test
From: "Kurt Seifried" <bt () seifried org>
Date: Sat, 21 Oct 2006 00:36:29 -0600
What other tests could be done ? Thanks Julien
Can an attacker force a connection to step down, can an attacker inject data? Tools like dsniff, although old, are quite effective.
Something I wrote a looong time ago: http://www.seifried.org/security/cryptography/20011108-end-of-ssl-ssh.html Also is your certificate chaining/etc done securely. -Kurt Seifried ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- TLS implementation test Julien (Oct 20)
- Re: TLS implementation test Kurt Seifried (Oct 21)
- Re: TLS implementation test Tim (Oct 21)
- Re: TLS implementation test Julien (Oct 21)
- Re: TLS implementation test Julien (Oct 24)
- Re: TLS implementation test Ariel Waissbein (Oct 24)