SSL/TLS Checklist for Pentesters

I gave a presentation at BSides MCR 2014 on the subject of SSL and TLS checks from a pentesting viewpoint. The idea was to focus on the pitfalls of testing, why the tools may let you down and how to check for issues manually (as much as possible), often using OpenSSL.

The slides can be found here and here.


UPDATE 7th September 2014: I’ve now written a table that pulls together the manual checks discussed in the presentation – plus a few more (which will appear in any future presentations). Since tables are a pain in WordPress and I don’t want to risk a plugin at this time of night, you can find a (lazy) HTML table here.

For updates on content and future presentations follow me.

3 thoughts on “SSL/TLS Checklist for Pentesters”

    1. Jerome Post author

      Ha ha – made worse by the curse of copy and paste! Corrected now, cheers.
      PS – a couple of tweaks to follow soon

