TLS implementation test

From: Julien <prospi@xxxxxxxxx>
Date: Fri, 20 Oct 2006 10:27:39 +0200

Hi,

This is my first post on this list :)
I have to test TLS implementation on our product. Ths goal is not to
discover a threat in TLS but to find threat in our implementation.
In my test I'll do :
- MitM
- Replay attack (I think it will not be possible because of TLS timestamps )
- Dos
- Sniffing (to check that all communications are encrypted)

What other tests could be done ?

Thanks

Julien

PS : Sorry for my english ...

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

Follow-Ups:
- Re: TLS implementation test
  - From: Ariel Waissbein
- Re: TLS implementation test
  - From: Tim
- Re: TLS implementation test
  - From: Kurt Seifried

Prev by Date: Re: XSS - how to run script
Next by Date: Medusa 1.3 Release
Previous by thread: XSS - how to run script
Next by thread: Re: TLS implementation test
Index(es):
- Date
- Thread

Relevant Pages

Re: TLS implementation test
... discover a threat in TLS but to find threat in our implementation. ... Replay attack (I think it will not be possible because of TLS timestamps) ... This is particularly important when using stream cipher based ... Cenzic Hailstorm finds vulnerabilities fast. ...
(Pen-Test)
Re: sniffing plaintext protocols
... > Only if you configure your MUA not to downgrade to plain SMTP when TLS ... Cenzic Hailstorm finds vulnerabilities fast. ...
(Pen-Test)
Re: TLS implementation test
... I have to test TLS implementation on our product. ... Cenzic Hailstorm finds vulnerabilities fast. ... Click the link to buy it, try it or download Hailstorm for FREE. ...
(Pen-Test)