SlideShare a Scribd company logo

SSLSmart - Smart SSL Cipher Enumeration Tool Demo

n|u - The Open Security Community
n|u - The Open Security Community

This document discusses SSLSmart, a tool for enumerating SSL ciphers. It introduces the speaker and explains why cipher enumeration is useful for PCI compliance, web application penetration testing, network assessments, and finding insecure crypto implementations. It then describes features of SSLSmart like flexibility, a graphical user interface, open source and cross-platform usage, and rich reporting capabilities. Finally, it demonstrates SSLSmart's GUI and custom scripting APIs.

Technology
1 of 12
Download to read offline
SSLSmart – Smart SSL Cipher Enumeration Gursev Singh Kalra nullcon | Feb26, 2011
Agenda ►Introduction ►Why Enumerate SSL Ciphers? ►Why SSLSmart? ►SSLSmart Demonstrations ►Q&A www.foundstone.com © 2010, McAfee, Inc.
Introduction ►Who am I? ■ Managing Consultant – Foundstone Professional Services ■ Web Applications, Networks, Mobile Applications, Research, Tools… www.foundstone.com © 2010, McAfee, Inc.
Why Enumerate SSL Ciphers? ►PCI Compliance ►Web Application Penetration Testing ►Network Assessments ►Insecure Crypto Implementation www.foundstone.com © 2010, McAfee, Inc.
Why SSLSmart? Flexible WYSIWYG SSLSmart Open Source and Rich Reporting Cross Platform www.foundstone.com © 2010, McAfee, Inc.
Flexibility • Granular Cipher Control • Certificate Verification • Proxy Support • Content and CONNECT Tests www.foundstone.com © 2010, McAfee, Inc.
What You See Is What You Get www.foundstone.com © 2010, McAfee, Inc.
Open Source and Cross Platform • Works with Ruby 1.8.6, 1.8.7, 1.9.1 & 1.9.2 • Tested on Windows, Linux www.foundstone.com © 2010, McAfee, Inc.
Rich Reporting • Text • HTML • XML www.foundstone.com © 2010, McAfee, Inc.
SSLSmart Demonstrations ►SSLSmart GUI ►Custom scripts using SSLSmart API’s www.foundstone.com © 2010, McAfee, Inc.
Queries www.foundstone.com © 2010, McAfee, Inc.
Thank You Gursev Kalra gursev.kalra@foundstone.com www.foundstone.com © 2010, McAfee, Inc.

Recommended

Quick Look - Employee Management, Task and Timesheet
Quick Look - Employee Management, Task and TimesheetQuick Look - Employee Management, Task and Timesheet
Quick Look - Employee Management, Task and TimesheetPoodle
 
ShellShock (Software BASH Bug)
ShellShock (Software BASH Bug)ShellShock (Software BASH Bug)
ShellShock (Software BASH Bug)ViSolve, Inc.
 
Basics of ssl
Basics of sslBasics of ssl
Basics of ssln|u - The Open Security Community
 
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit DetectionComparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit DetectionCSCJournals
 
Shellshock & Poodle Attacks, fix
Shellshock & Poodle Attacks, fixShellshock & Poodle Attacks, fix
Shellshock & Poodle Attacks, fixSasidhar Gogulapati
 
Poodle
PoodlePoodle
PoodleMukesh Chaudhari
 
Poodles!!!
Poodles!!!Poodles!!!
Poodles!!!animallover1
 
A Study of SAAS Model for Security System
A Study of SAAS Model for Security SystemA Study of SAAS Model for Security System
A Study of SAAS Model for Security SystemIJSRD
 

Recommended

Quick Look - Employee Management, Task and Timesheet
Quick Look - Employee Management, Task and TimesheetQuick Look - Employee Management, Task and Timesheet
Quick Look - Employee Management, Task and TimesheetPoodle
 
ShellShock (Software BASH Bug)
ShellShock (Software BASH Bug)ShellShock (Software BASH Bug)
ShellShock (Software BASH Bug)ViSolve, Inc.
 
Basics of ssl
Basics of sslBasics of ssl
Basics of ssln|u - The Open Security Community
 
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit DetectionComparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit DetectionCSCJournals
 
Shellshock & Poodle Attacks, fix
Shellshock & Poodle Attacks, fixShellshock & Poodle Attacks, fix
Shellshock & Poodle Attacks, fixSasidhar Gogulapati
 
Poodle
PoodlePoodle
PoodleMukesh Chaudhari
 
Poodles!!!
Poodles!!!Poodles!!!
Poodles!!!animallover1
 
A Study of SAAS Model for Security System
A Study of SAAS Model for Security SystemA Study of SAAS Model for Security System
A Study of SAAS Model for Security SystemIJSRD
 
SSL MITM Attack Over Wireless
SSL MITM Attack Over WirelessSSL MITM Attack Over Wireless
SSL MITM Attack Over WirelessSecurityTube.Net
 
The Heartbleed Attack
The Heartbleed AttackThe Heartbleed Attack
The Heartbleed AttackShreyas Kothari
 
MITM : man in the middle attack
MITM : man in the middle attackMITM : man in the middle attack
MITM : man in the middle attackตาเล็ก วินโด้เก้าแปดเอสอี
 
Poodle sha2 open mic
Poodle sha2 open micPoodle sha2 open mic
Poodle sha2 open micRahul Kumar
 
Poodle
PoodlePoodle
PoodleShreyas Kothari
 
SSLv3 and POODLE
SSLv3 and POODLESSLv3 and POODLE
SSLv3 and POODLEJerome Smith
 
SSL overview
SSL overviewSSL overview
SSL overviewTodd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
Open ssl heart bleed weakness.
Open ssl heart bleed weakness.Open ssl heart bleed weakness.
Open ssl heart bleed weakness.Khaled Mosharraf
 
Ssl attacks
Ssl attacksSsl attacks
Ssl attacksn|u - The Open Security Community
 
SSL/POODLE: History repeats itself
SSL/POODLE: History repeats itselfSSL/POODLE: History repeats itself
SSL/POODLE: History repeats itselfYurii Bilyk
 
SSL/TLS : Faille Heartbleed
SSL/TLS : Faille HeartbleedSSL/TLS : Faille Heartbleed
SSL/TLS : Faille HeartbleedThomas Moegli
 
Network security
Network securityNetwork security
Network securityDhaval Kaneria
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer Securityn|u - The Open Security Community
 
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Asad Ali
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingSachin Saini
 
SSL & TLS Architecture short
SSL & TLS Architecture shortSSL & TLS Architecture short
SSL & TLS Architecture shortAvirot Mitamura
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets LayerNascenia IT
 
Cipher techniques
Cipher techniquesCipher techniques
Cipher techniquesMohd Arif
 
SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )Monodip Singha Roy
 
Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Imperva
 
VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesFatih Ozavci
 
wolfSSL Year In Review, 2013
wolfSSL Year In Review, 2013wolfSSL Year In Review, 2013
wolfSSL Year In Review, 2013wolfSSL
 

More Related Content

Viewers also liked

SSL MITM Attack Over Wireless
SSL MITM Attack Over WirelessSSL MITM Attack Over Wireless
SSL MITM Attack Over WirelessSecurityTube.Net
 
Poodle sha2 open mic
Poodle sha2 open micPoodle sha2 open mic
Poodle sha2 open micRahul Kumar
 
Open ssl heart bleed weakness.
Open ssl heart bleed weakness.Open ssl heart bleed weakness.
Open ssl heart bleed weakness.Khaled Mosharraf
 
SSL/POODLE: History repeats itself
SSL/POODLE: History repeats itselfSSL/POODLE: History repeats itself
SSL/POODLE: History repeats itselfYurii Bilyk
 
SSL/TLS : Faille Heartbleed
SSL/TLS : Faille HeartbleedSSL/TLS : Faille Heartbleed
SSL/TLS : Faille HeartbleedThomas Moegli
 
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Asad Ali
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingSachin Saini
 
SSL & TLS Architecture short
SSL & TLS Architecture shortSSL & TLS Architecture short
SSL & TLS Architecture shortAvirot Mitamura
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets LayerNascenia IT
 
Cipher techniques
Cipher techniquesCipher techniques
Cipher techniquesMohd Arif
 
SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )Monodip Singha Roy
 
Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Imperva
 

Viewers also liked (20)

SSL MITM Attack Over Wireless
SSL MITM Attack Over WirelessSSL MITM Attack Over Wireless
SSL MITM Attack Over Wireless
 
The Heartbleed Attack
The Heartbleed AttackThe Heartbleed Attack
The Heartbleed Attack
 
MITM : man in the middle attack
MITM : man in the middle attackMITM : man in the middle attack
MITM : man in the middle attack
 
Poodle sha2 open mic
Poodle sha2 open micPoodle sha2 open mic
Poodle sha2 open mic
 
Poodle
PoodlePoodle
Poodle
 
SSLv3 and POODLE
SSLv3 and POODLESSLv3 and POODLE
SSLv3 and POODLE
 
SSL overview
SSL overviewSSL overview
SSL overview
 
Open ssl heart bleed weakness.
Open ssl heart bleed weakness.Open ssl heart bleed weakness.
Open ssl heart bleed weakness.
 
Ssl attacks
Ssl attacksSsl attacks
Ssl attacks
 
SSL/POODLE: History repeats itself
SSL/POODLE: History repeats itselfSSL/POODLE: History repeats itself
SSL/POODLE: History repeats itself
 
SSL/TLS : Faille Heartbleed
SSL/TLS : Faille HeartbleedSSL/TLS : Faille Heartbleed
SSL/TLS : Faille Heartbleed
 
Network security
Network securityNetwork security
Network security
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer Security
 
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS Working
 
SSL & TLS Architecture short
SSL & TLS Architecture shortSSL & TLS Architecture short
SSL & TLS Architecture short
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets Layer
 
Cipher techniques
Cipher techniquesCipher techniques
Cipher techniques
 
SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )
 
Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016
 

Similar to SSLSmart - Smart SSL Cipher Enumeration Tool Demo

VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesFatih Ozavci
 
wolfSSL Year In Review, 2013
wolfSSL Year In Review, 2013wolfSSL Year In Review, 2013
wolfSSL Year In Review, 2013wolfSSL
 
Attacking XML Security
Attacking XML SecurityAttacking XML Security
Attacking XML SecurityYusuf Motiwala
 
게임 서비스를 위한 클라우드 네트워크 활용
게임 서비스를 위한 클라우드 네트워크 활용게임 서비스를 위한 클라우드 네트워크 활용
게임 서비스를 위한 클라우드 네트워크 활용Seung Heun Noh
 
FullDay Faeder on Friday
FullDay Faeder on Friday FullDay Faeder on Friday
FullDay Faeder on Friday Adam Faeder
 
FullDay on Fridays Feb. 3, 2017
FullDay on Fridays Feb. 3, 2017FullDay on Fridays Feb. 3, 2017
FullDay on Fridays Feb. 3, 2017Adam Faeder
 
Lacework Kubernetes Meetup | August 28, 2018
Lacework Kubernetes Meetup | August 28, 2018Lacework Kubernetes Meetup | August 28, 2018
Lacework Kubernetes Meetup | August 28, 2018Lacework
 
Kubernetes meetup k8s_aug_2019
Kubernetes meetup k8s_aug_2019Kubernetes meetup k8s_aug_2019
Kubernetes meetup k8s_aug_2019dhubbard858
 
Gaurav security profile_5_years_experience
Gaurav security profile_5_years_experienceGaurav security profile_5_years_experience
Gaurav security profile_5_years_experiencegaurav sharma
 
Securing the Foundation to Secure the Cloud
Securing the Foundation to Secure the CloudSecuring the Foundation to Secure the Cloud
Securing the Foundation to Secure the CloudTrent Adams
 
The Future is Now: What’s New in ForgeRock Access Management
The Future is Now: What’s New in ForgeRock Access Management The Future is Now: What’s New in ForgeRock Access Management
The Future is Now: What’s New in ForgeRock Access Management ForgeRock
 
Cloud gumbo slideshare
Cloud gumbo slideshareCloud gumbo slideshare
Cloud gumbo slideshareShane Rice
 
Beyond username and password it's continuous authorization webinar
Beyond username and password it's continuous authorization webinarBeyond username and password it's continuous authorization webinar
Beyond username and password it's continuous authorization webinarForgeRock
 
Ssl Vpn presentation at CoolTech club
Ssl Vpn presentation at CoolTech clubSsl Vpn presentation at CoolTech club
Ssl Vpn presentation at CoolTech clubiplotnikov
 
Techorama 2014 - Azure API management and Service Virtualization
Techorama 2014 - Azure API management and Service VirtualizationTechorama 2014 - Azure API management and Service Virtualization
Techorama 2014 - Azure API management and Service VirtualizationSam Vanhoutte
 
Identity Gateway with the ForgeRock Identity Platform - So What’s New?
Identity Gateway with the ForgeRock Identity Platform - So What’s New?Identity Gateway with the ForgeRock Identity Platform - So What’s New?
Identity Gateway with the ForgeRock Identity Platform - So What’s New?ForgeRock
 
Webinar: "Entitlements: Taking Control of the Big Data Gold Rush"
Webinar: "Entitlements: Taking Control of the Big Data Gold Rush"Webinar: "Entitlements: Taking Control of the Big Data Gold Rush"
Webinar: "Entitlements: Taking Control of the Big Data Gold Rush"ForgeRock
 
Cidway Banking 02 2011
Cidway Banking 02 2011Cidway Banking 02 2011
Cidway Banking 02 2011lfilliat
 

Similar to SSLSmart - Smart SSL Cipher Enumeration Tool Demo (20)

VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco Phones
 
wolfSSL Year In Review, 2013
wolfSSL Year In Review, 2013wolfSSL Year In Review, 2013
wolfSSL Year In Review, 2013
 
Attacking XML Security
Attacking XML SecurityAttacking XML Security
Attacking XML Security
 
게임 서비스를 위한 클라우드 네트워크 활용
게임 서비스를 위한 클라우드 네트워크 활용게임 서비스를 위한 클라우드 네트워크 활용
게임 서비스를 위한 클라우드 네트워크 활용
 
FullDay Faeder on Friday
FullDay Faeder on Friday FullDay Faeder on Friday
FullDay Faeder on Friday
 
FullDay on Fridays Feb. 3, 2017
FullDay on Fridays Feb. 3, 2017FullDay on Fridays Feb. 3, 2017
FullDay on Fridays Feb. 3, 2017
 
Spa Secure Coding Guide
Spa Secure Coding GuideSpa Secure Coding Guide
Spa Secure Coding Guide
 
Secure DevOps: A Puma's Tail
Secure DevOps: A Puma's TailSecure DevOps: A Puma's Tail
Secure DevOps: A Puma's Tail
 
Lacework Kubernetes Meetup | August 28, 2018
Lacework Kubernetes Meetup | August 28, 2018Lacework Kubernetes Meetup | August 28, 2018
Lacework Kubernetes Meetup | August 28, 2018
 
Kubernetes meetup k8s_aug_2019
Kubernetes meetup k8s_aug_2019Kubernetes meetup k8s_aug_2019
Kubernetes meetup k8s_aug_2019
 
Gaurav security profile_5_years_experience
Gaurav security profile_5_years_experienceGaurav security profile_5_years_experience
Gaurav security profile_5_years_experience
 
Securing the Foundation to Secure the Cloud
Securing the Foundation to Secure the CloudSecuring the Foundation to Secure the Cloud
Securing the Foundation to Secure the Cloud
 
The Future is Now: What’s New in ForgeRock Access Management
The Future is Now: What’s New in ForgeRock Access Management The Future is Now: What’s New in ForgeRock Access Management
The Future is Now: What’s New in ForgeRock Access Management
 
Cloud gumbo slideshare
Cloud gumbo slideshareCloud gumbo slideshare
Cloud gumbo slideshare
 
Beyond username and password it's continuous authorization webinar
Beyond username and password it's continuous authorization webinarBeyond username and password it's continuous authorization webinar
Beyond username and password it's continuous authorization webinar
 
Ssl Vpn presentation at CoolTech club
Ssl Vpn presentation at CoolTech clubSsl Vpn presentation at CoolTech club
Ssl Vpn presentation at CoolTech club
 
Techorama 2014 - Azure API management and Service Virtualization
Techorama 2014 - Azure API management and Service VirtualizationTechorama 2014 - Azure API management and Service Virtualization
Techorama 2014 - Azure API management and Service Virtualization
 
Identity Gateway with the ForgeRock Identity Platform - So What’s New?
Identity Gateway with the ForgeRock Identity Platform - So What’s New?Identity Gateway with the ForgeRock Identity Platform - So What’s New?
Identity Gateway with the ForgeRock Identity Platform - So What’s New?
 
Webinar: "Entitlements: Taking Control of the Big Data Gold Rush"
Webinar: "Entitlements: Taking Control of the Big Data Gold Rush"Webinar: "Entitlements: Taking Control of the Big Data Gold Rush"
Webinar: "Entitlements: Taking Control of the Big Data Gold Rush"
 
Cidway Banking 02 2011
Cidway Banking 02 2011Cidway Banking 02 2011
Cidway Banking 02 2011
 

More from n|u - The Open Security Community

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...n|u - The Open Security Community
 

More from n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Recently uploaded

Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 

Recently uploaded (20)

Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 

SSLSmart - Smart SSL Cipher Enumeration Tool Demo

  • 1. SSLSmart – Smart SSL Cipher Enumeration Gursev Singh Kalra nullcon | Feb26, 2011
  • 2. Agenda ►Introduction ►Why Enumerate SSL Ciphers? ►Why SSLSmart? ►SSLSmart Demonstrations ►Q&A www.foundstone.com © 2010, McAfee, Inc.
  • 3. Introduction ►Who am I? ■ Managing Consultant – Foundstone Professional Services ■ Web Applications, Networks, Mobile Applications, Research, Tools… www.foundstone.com © 2010, McAfee, Inc.
  • 4. Why Enumerate SSL Ciphers? ►PCI Compliance ►Web Application Penetration Testing ►Network Assessments ►Insecure Crypto Implementation www.foundstone.com © 2010, McAfee, Inc.
  • 5. Why SSLSmart? Flexible WYSIWYG SSLSmart Open Source and Rich Reporting Cross Platform www.foundstone.com © 2010, McAfee, Inc.
  • 6. Flexibility • Granular Cipher Control • Certificate Verification • Proxy Support • Content and CONNECT Tests www.foundstone.com © 2010, McAfee, Inc.
  • 7. What You See Is What You Get www.foundstone.com © 2010, McAfee, Inc.
  • 8. Open Source and Cross Platform • Works with Ruby 1.8.6, 1.8.7, 1.9.1 & 1.9.2 • Tested on Windows, Linux www.foundstone.com © 2010, McAfee, Inc.
  • 9. Rich Reporting • Text • HTML • XML www.foundstone.com © 2010, McAfee, Inc.
  • 10. SSLSmart Demonstrations ►SSLSmart GUI ►Custom scripts using SSLSmart API’s www.foundstone.com © 2010, McAfee, Inc.
  • 11. Queries www.foundstone.com © 2010, McAfee, Inc.
  • 12. Thank You Gursev Kalra gursev.kalra@foundstone.com www.foundstone.com © 2010, McAfee, Inc.