June 2017
Intermediate to advanced
338 pages
8h 28m
English
Much of an application's crypto configuration and potential flaws can be identified and verified simply through connecting to the application and seeing what was negotiated. This can be pretty labor-intensive, so luckily we have some fast scanning tools that will systematically negotiate all potential configurations from a server to better help us understand what they are allowing.
I would still recommend spending some quality time learning how to test SSL/TLS manually, as it is always handy to have a quick check to ensure versions, cipher preference, and similar ones. A great writeup and cheatsheet is available at http://www.exploresecurity.com/wp-content/uploads/custom/SSL_manual_cheatsheet.html.
Read now
Unlock full access