June 2017
Intermediate to advanced
338 pages
8h 28m
English
Our first tool in this regard may be the only one you need. Written in Python, SSLyze (https://github.com/iSECPartners/sslyze) will reach out to a server using pretty much any transport protocol in use today, and do so fast! By initiating StartTLS handshakes with the server across all manner of protocols, it can scan for cipher suite issues, negotiation flaws, certificate inconsistencies, and common SSL-focused vulnerabilities that have put many in the news (Heartbleed, CRIME, and so on.)
Using SSLyze is a piece of cake; you can select a number of options to pass, and then test multiple servers at the same time. The options can help refine the versions being tested, the timeouts and retries associated with the ...
Read now
Unlock full access