Re: TLS implementation test

From: Julien (prospi@gmail.com)
Date: Mon Oct 23 2006 - 02:11:34 EDT


hi guys,

When I remove or add data, the application doesn't provide any alert, but
the transfer is broken. It can be a problem, but at least the server is not
compromised.

That's better than nothing.

Thanks

2006/10/21, Tim <tim-pentest@sentinelchicken.org>:
>
> > I have to test TLS implementation on our product. The goal is not to
> > discover a threat in TLS but to find threat in our implementation.
> > In my test I'll do :
> > - MitM
> > - Replay attack (I think it will not be possible because of TLS timestamps)
> > - DoS
> > - Sniffing (to check that all communications are encrypted)
> >
> > What other tests could be done ?
>
> Well, there's always modification. If someone adds or removes encrypted
> data, or modifies it in transit, will your implementation detect it?
> This is particularly important when using stream cipher based
> ciphersuites.
>
> Also, does your implementation perform correct client/server
> certificate validation? It's a pretty complex process, and other major
> implementations have had bugs in the past in this area.
>
> good luck,
> tim
>
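
Added example, not part of the original thread: a minimal Python harness for the modification test discussed above, checking that a receiver refuses flipped, truncated, appended, dropped and replayed records. The record layout (MAC over sequence number and plaintext, then stream encryption), the toy SHA-256 keystream, the keys and the names Endpoint, rejected and tamper_suite are assumptions for illustration, not the TLS wire format or any product's code.

```python
import hashlib, hmac, struct

MAC_LEN = 32
KEYS = (b"constructed-enc-key", b"constructed-mac-key")  # constructed sample keys

def xor_stream(key: bytes, seq: int, data: bytes) -> bytes:
    # Toy per-record keystream (SHA-256 in counter mode) standing in for a real stream cipher.
    ks = b"".join(hashlib.sha256(key + struct.pack(">QQ", seq, i)).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(d ^ k for d, k in zip(data, ks))

class Endpoint:
    """One direction of a simplified record layer: MAC over (seq || plaintext), then encrypt."""
    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key, self.mac_key, self.seq = enc_key, mac_key, 0
    def _mac(self, plaintext: bytes) -> bytes:
        msg = struct.pack(">Q", self.seq) + plaintext
        return hmac.new(self.mac_key, msg, hashlib.sha256).digest()
    def seal(self, plaintext: bytes) -> bytes:
        record = xor_stream(self.enc_key, self.seq, plaintext + self._mac(plaintext))
        self.seq += 1
        return record

    def open(self, record: bytes) -> bytes:
        body = xor_stream(self.enc_key, self.seq, record)
        plaintext, tag = body[:-MAC_LEN], body[-MAC_LEN:]
        if len(body) < MAC_LEN or not hmac.compare_digest(tag, self._mac(plaintext)):
            raise ValueError("bad_record_mac")  # real TLS answers with a fatal alert
        self.seq += 1
        return plaintext

def rejected(records) -> bool:
    """Feed records to a fresh receiver; True if it refuses any of them."""
    rx = Endpoint(*KEYS)
    try:
        for record in records:
            rx.open(record)
    except ValueError:
        return True
    return False

def tamper_suite() -> dict:
    tx = Endpoint(*KEYS)
    r0, r1 = tx.seal(b"PAY 100 TO ALICE"), tx.seal(b"second record")
    flipped = bytes([r0[0] ^ 0x01]) + r0[1:]
    cases = {"untouched": [r0, r1], "bit_flipped": [flipped, r1], "truncated": [r0[:-1], r1],
             "appended": [r0 + b"\x00", r1], "dropped": [r1], "replayed": [r0, r0]}
    return {name: rejected(records) for name, records in cases.items()}
```

Only the untouched case should come back False; any other False means altered traffic was accepted as valid.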




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:14 EDT