Hi Group, I have to test few same websites running on both HTTP and HTTPs (the code base is same). The concern here is the HTTP sites are available in pre-production and HTTPs are only available in Production environment.
As security testing is not preferable on production, my idea is to test the HTTP websites and to check HTTPs sites only for transport layer issues. My queries are: 1. is my approach correct? 2. Would there be any concerns/issues other than transport layer issues between HTTP and HTTPs site 3. Tools run on windows to check only SSL issues. 4. There is a tool named SSLDigger but mentioned not for commercial use? any clue on this..? Regards, Whitehat -- You received this message because you are subscribed to the Google Groups "nforceit" group. To view this discussion on the web, visit https://groups.google.com/d/msg/nforceit/-/DWBgiW2NPQEJ. To post to this group, send an email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/nforceit?hl=en-GB.
