Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: How to perform SSL certificate validation ?

from [Nagareshwar Talekar] Network Security [Permanent Link]
Subject: Re: How to perform SSL certificate validation ?
Date: Thu, 13 Jul 2006 23:50:14 +0530 
Hi List,

    Thanks for  all the suggestions and ideas. I had lot of
confusions in the begining and most of them is resolved now :-)

   It turned out to be lotta complex than I thought to be :-)

   Thanks for spending your time on this.


On 7/11/06, Max <Reply.to.list@acme.com> wrote: 
Have a look at this application:

http://www.download.com/Globaltrust-Verification-Engine/3000-2144_4-10529972.html?tag=lst-0-1

M@x


Nagareshwar Talekar wrote:
> Hi List,
>
> I am working on implementation of LDAP client where in there is
> requirement
> to validate the server's ssl certificate. This is similar to what
> browser  does in case of ssl enabled website. After reading few
> articles over net  I came to know that following checks needs to be
> done for verfication of ssl certificate.
>
>       1) Check if certificate is not expired.
>       2) Common name on the certificate matches the DNS name of the
> server.
>       3) Checks if the CA is trused.
>
>  I don't know how to perform the check for 3rd step. How can we ensure
>  that CA is trusted? One of my colleague told that I have to store all
> trusted
>  root certificates and then compare incoming certificate with existing
> ones..
>
>  Is there any better way to check this ...?
>
>  Also I was told that certificate validation is done to prevent the
> SSL-MITM attack
>  Is this the only reason or is there any other reason for which the
> SSL certificate
>  validation is done ?
>
> It will be great if you can throw some light in this matter. Any
> links to relevant
> websites will do as well.
>
> Thanks
>




--
With Regards
Nagareshwar

-------------------------------------------------------------------------
Sponsored by: Watchfire

Cross-Site Scripting (XSS) is one of the most common application-level attacks that hackers use to sneak into web applications today. This whitepaper will discuss how traditional CSS attacks are performed, how to secure your site against these attacks and check if your site is protected. Cross-Site Scripting Explained - Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmr
--------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Oracle SQL Injection, Esteban Martinez Fayo
Next by Date:  Is there an Open Source Vulnerability Analysis Framework?, Steve Armstrong
Previous by Thread:  Re: How to perform SSL certificate validation ?, Max
Next by Thread:  How to perform SSL certificate validation ?, Nagareshwar Talekar
Indexes:  [Date] [Thread] [Top] [All Lists]