TLS implementation test

From: Julien (prospi@gmail.com)
Date: Fri Oct 20 2006 - 04:27:39 EDT

• Next message: jmk: "Medusa 1.3 Release"
• Previous message: pdp (architect): "Re: XSS - how to run script"
• Next in thread: Kurt Seifried: "Re: TLS implementation test"
• Reply: Kurt Seifried: "Re: TLS implementation test"
• Reply: Tim: "Re: TLS implementation test"
• Reply: Ariel Waissbein: "Re: TLS implementation test"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

This is my first post on this list :)
I have to test TLS implementation on our product. Ths goal is not to
discover a threat in TLS but to find threat in our implementation.
In my test I'll do :
- MitM
- Replay attack (I think it will not be possible because of TLS timestamps )
- Dos
- Sniffing (to check that all communications are encrypted)

What other tests could be done ?

Thanks

Julien

PS : Sorry for my english ...

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

• Next message: jmk: "Medusa 1.3 Release"
• Previous message: pdp (architect): "Re: XSS - how to run script"
• Next in thread: Kurt Seifried: "Re: TLS implementation test"
• Reply: Kurt Seifried: "Re: TLS implementation test"
• Reply: Tim: "Re: TLS implementation test"
• Reply: Ariel Waissbein: "Re: TLS implementation test"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:13 EDT