The art of verifying SSL/TLS configuration
A very important step when performing penetration tests is verifying the configuration of SSL/TLS services - here is how it's done.
Straight from the mouth, or better still - fingertips, of our CTO Bojan Zdrnja, there is a great SANS ISC diary on the importance of verifying the configuration of any SSL/TLS services. But since Bojan is our pen test team leader and a SANS instructor, he doesn't go deep into theory but shows you his techniques for this all-important step in pen testing.
In the first part of the series (if you didn't catch it, get it here) he talks about useful scripts that will make life easier for every pen tester, and in the second (we encourage you to check it out here) he goes deeper into reading the output of the ssl-cert script.
In the third part of the series, coming to you soon, you'll hear about encryption algorithms and protocols you need to pay attention to.
Although these diaries are geared towards pen testers, they are also of great value to security auditors, and anyone interested in IT security in general.
Bojan will be at the BalCCon2k19 conference giving a presentation on that topic, so you can check him out live.