Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: verify HTTPS 'vulnerabilities'

from [Michael Sierchio] Network Security [Permanent Link]
Subject: Re: verify HTTPS 'vulnerabilities'
Date: Tue, 26 Jul 2005 14:23:50 -0700 

In addition to the cogent comments of others, I suggest you
assure that you cannot establish an SSL 2.0 connection -- the
protocol has vulnerabilities which are exploitable, and most
browsers and some servers still support this version.  Only
TLS 1.0 or SSL 3.0 should be used.

The server handshake provides a list of DNs of trusted
signers, that's something to look at since it has an
impact on client auth.

You should determine if a client can downgrade the security
to a degree to which the communication cannot be considered
adequately secured or private.

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: verify HTTPS 'vulnerabilities', Todd Towles
Next by Date:  Re: Security with USB Devices, Michael Parker
Previous by Thread:  Re: verify HTTPS 'vulnerabilities', Thomas Springer
Next by Thread:  RE: verify HTTPS 'vulnerabilities', Jarmon, Don R
Indexes:  [Date] [Thread] [Top] [All Lists]