List,
I'm looking for a contributor to finish up a small section of the
audit.sslCertificate plugin.
I've been coding this plugin and I've got to a section where my
knowledge is scarce and my research time is *so* limited that I won't
be able to do it by myself. My problem is in the "def
_analyze_cert(self, cert, ssl_conn):" method of the
audit.sslCertificate plugin, where tests related to the SSL
certificate of the remote website should be implemented. I've been
doing some google searches and I found these links that might help:
- http://www.nessus.org/plugins/index.php?view=single&id=26928
- http://www.nessus.org/plugins/index.php?view=single&id=31705
The idea is to check if the ciphers used are safe, if the SSL
version is ok, if the certificate has expired or not, if it's self
signed, and other security related things about the cert. If you want
to help, just download the latest w3af version from the SVN in order
to get the latest plugin version, answer this email to the mailing
list and just start working =)
Thanks in advance!
Cheers,
--
Andres Riancho
http://w3af.sourceforge.net/
Web Application Attack and Audit Framework
------------------------------------------------------------------------------
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
