nullcon 2011 - SSLSmart – Smart SSL Cipher Enumeration
DESCRIPTION
SSLSmart – Smart SSL Cipher Enumeration by Gursev Singh Kalra
TRANSCRIPT
SSLSmart – Smart SSL Cipher Enumeration
Gursev Singh Kalra
nullcon | Feb 26, 2011
www.foundstone.com
© 2010, McAfee, Inc.
Agenda
►Introduction
►Why Enumerate SSL Ciphers?
►Why SSLSmart?
►SSLSmart Demonstrations
►Q&A
Introduction
►Who am I?
■ Managing Consultant – Foundstone Professional Services
■ Web Applications, Networks, Mobile Applications, Research, Tools…
Why Enumerate SSL Ciphers?
►PCI Compliance
►Web Application Penetration Testing
►Network Assessments
►Insecure Crypto Implementation
Why SSLSmart?
SSLSmart:
• Flexible
• WYSIWYG
• Open Source and Cross Platform
• Rich Reporting
Flexibility
• Granular Cipher Control
• Certificate Verification
• Proxy Support
• Content and CONNECT Tests
What You See Is What You Get
Open Source and Cross Platform
• Works with Ruby 1.8.6, 1.8.7, 1.9.1 & 1.9.2
• Tested on Windows, Linux
Rich Reporting
• Text
• HTML
• XML
SSLSmart Demonstrations
►SSLSmart GUI
►Custom scripts using SSLSmart APIs
Queries