Posts Tagged ‘SSL’

Verifying SSL Security with sslyze

Many people are speaking these days about the SSL-Exhaustion attack which is a way to make any https server out of service, this attack allow hackers to take down any server remotely by using a special vulnerability widely known since 2003. Secure SSL require 15 times more server processing power than on client, so here [...]

Share

Automated HTTPS Vulnerability Testing

One of main problem in HTTP protocol is encrypting traffic and verifying data security, securing the web application against any threat is very important especially that if hackers conduct a Man-in the middle attack he can get all users information while data are transferred in a clear text form. HTTPS is a combination of the [...]

Share

SSLStrip : HTTPS stripping attack

Moxie Marlinspike demonstrated another way to compromise SSL based website at the BlackHat DC 2009,which is the HTTPS stripping tool called SSLStrip. For example if we are looking to check our email on Gmail, we open our browser and we start typing the address: mail.google.com or gmail.com, and we don’t care about the page if [...]

Share

Defeating SSL Vulnerability Remain unfixed

It has been now Nine weeks since Moxie Marlinspike demonstrated the “new” way of attacking SSL at the Black Hat security conference by the help of his tool, called SSLstrip he was able to make a man-in-the-middle attack on normal, insecure http traffic and replaces links to secure https pages with normal http, so after [...]

Share