TLS implementation test



Hi,

This is my first post on this list :)
I have to test TLS implementation on our product. Ths goal is not to
discover a threat in TLS but to find threat in our implementation.
In my test I'll do :
- MitM
- Replay attack (I think it will not be possible because of TLS timestamps )
- Dos
- Sniffing (to check that all communications are encrypted)

What other tests could be done ?


Thanks


Julien

PS : Sorry for my english ...

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------



Relevant Pages

  • Re: TLS implementation test
    ... discover a threat in TLS but to find threat in our implementation. ... Replay attack (I think it will not be possible because of TLS timestamps) ... This is particularly important when using stream cipher based ... Cenzic Hailstorm finds vulnerabilities fast. ...
    (Pen-Test)
  • Re: sniffing plaintext protocols
    ... > Only if you configure your MUA not to downgrade to plain SMTP when TLS ... Cenzic Hailstorm finds vulnerabilities fast. ...
    (Pen-Test)
  • Re: TLS implementation test
    ... I have to test TLS implementation on our product. ... Cenzic Hailstorm finds vulnerabilities fast. ... Click the link to buy it, try it or download Hailstorm for FREE. ...
    (Pen-Test)