Achim Hoffmann and the o-Saft Project for Scanning SSL Connections

Achim Hoffman is a researcher who has created a tool for listing information about remote target's SSL certificate and testing the remote target against a given list of ciphers. This OWASP project, o-Saft, first gained notice when Jim Manico mentioned it on the OWASP email list. At AppSec Europe 2014, I was able to speak with Achim, along with Matt Tasauro, about the function of the tool and its uses. n About the Project o-Saft is designed to be used by penetration testers, security auditors or server administrators. The idea is to show the important informations or the special checks with a simple call of the tool. However, it provides a wide range of options so that it can be used for comprehensive and special checks by experienced people. O-Saft is a command-line tool, so it can be used offline and in closed environments. However, it can simply be turned into an online CGI-tool (please read documentation first). About Achim Hoffman Co-Autor OWASP: Best Practices: Projektierung der Sicherheitsprüfung von Webanwendungen Autor Sicherheit von Webanwendungen: BSI-Maßnahmenkatalog und Best Practices Contributor to WASC Web Application Firewall Evaluation Criteria Co-Author OWASP: Best Practices: Web Application Firewalls Reviewer/Contributor to WASC Threat Classification v1 Deutsche Übersetzung der WASC Threat Classification v1 Reviewer/Contributor to WASC Threat Classification v2

Napsat komentář

Vaše emailová adresa nebude zveřejněna. Vyžadované informace jsou označeny *