Taras,

On Wed, May 16, 2012 at 9:46 AM, Taras <ox...@oxdef.info> wrote:
> Hi, all!
>
> I plan to add a few small checks and improvements into
> audit.sslCertificate plugin. Among them:
>
> * support of DNS alt names
> * checking for *soon* expired certificates

I like the second point very much!

> So do you have any ideas what we also need to add to this plugin?

Yesterday / a couple of days ago, someone published a new tool in
full-disclosure, written in Python, GPL3, (don't remember the name)
whose main objective was to check for SSL certificates. Maybe you can
take some ideas from that tool? Remember that GPL3 and GPL2 are
incompatible so we can't simply copy+paste stuff.

> One more question is why do we consider SSL errors as information and
> not as vulnerabilities? I suggest to raise severity of SSL errors to
> vuln object.

If it is a vulnerability, it's of the lowest severity IMHO.

>
> --
> Taras
> http://oxdef.info
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop



-- 
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
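
The two checks proposed in this thread (DNS alt names and soon-to-expire certificates), as an added example; it is not w3af code and not the plugin's implementation. It assumes the certificate is in the dict layout returned by Python's `ssl.SSLSocket.getpeercert()`; the function names, the 30-day warning window and the sample certificate are constructed for illustration.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Constructed sample, in the dict layout returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.test"),),),
    "subjectAltName": (("DNS", "www.example.test"), ("DNS", "*.api.example.test")),
    "notAfter": "Jun  1 12:00:00 2012 GMT",
}

def candidate_names(cert):
    """DNS alt names; fall back to commonName only when the cert has none."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn
                 if k == "commonName"]
    return names

def name_matches(pattern, host):
    """Exact match, or '*' as the whole leftmost label covering one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Assumed policy: refuse overly broad patterns such as '*.test'.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def host_covered(cert, host):
    return any(name_matches(n, host) for n in candidate_names(cert))

def expiry_status(cert, now, warn_days=30):
    """Return 'expired', 'expiring_soon' or 'ok' relative to `now` (UTC)."""
    not_after = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    if not_after <= now:
        return "expired"
    if not_after - now <= timedelta(days=warn_days):
        return "expiring_soon"
    return "ok"

if __name__ == "__main__":
    now = datetime(2012, 5, 16, tzinfo=timezone.utc)  # constructed "today"
    for host in ("www.example.test", "v1.api.example.test", "example.test"):
        print(host, host_covered(SAMPLE_CERT, host))
    print(expiry_status(SAMPLE_CERT, now))
```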
