
16 matches found

Packet Storm
added 2024/08/31 12:0 a.m., 258 views

SSL Labs API Client

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'activesupport/inflector' require 'json' require 'activesupport/coreext/hash' class MetasploitModule uri, 'agent' = useragent, 'method' = 'GET', 'varsget' = para...

7.4 CVSS, 7.5 AI score, 0.89694 EPSS
Exploits: 9

Citrix
added 2023/03/20 12:0 a.m., 6 views

Active TLS1.1 and Weak Ciphers Causing environment Vulnerabilities

This Tech Paper aims to convey what someone skilled in ADC would configure as a generic implementation to receive an A+ grade at Qualys SSL Labs...

7 AI score
Exploits: 0

Kitploit
added 2019/06/15 10:12 p.m., 292 views

Seccubus - Easy Automated Vulnerability Scanning, Reporting And Analysis

Seccubus automates regular vulnerability scans with various tools and aids security people in the fast analysis of its output, both on the first scan and on repeated scans. On repeated scan delta reporting ensures that findings only need to be judged when they first appear in the scan results or...

7.1 AI score
Exploits: 0, References: 2

Qualys Blog
added 2019/04/22 8:40 a.m., 2041 views

Zombie POODLE and GOLDENDOODLE Vulnerabilities

Recently new vulnerabilities like Zombie POODLE, GOLDENDOODLE, 0-Length OpenSSL and Sleeping POODLE were published for websites that use CBC (Cipher Block Chaining) block cipher modes. These vulnerabilities are applicable only if the server uses TLS 1.2 or TLS 1.1 or TLS 1.0 with CBC cipher modes...

4.3 CVSS, 6.9 AI score, 0.0496 EPSS
Exploits: 0

Qualys Blog
added 2019/01/24 6:48 a.m., 258 views

mod_ssl Bug and SSL Labs Renegotiation Test

Update February 20, 2019: To give more time to fix, we will re-enable the SSL Labs Renegotiation Test on March 11, 2019 (two additional weeks). The Apache Security Team fixed a bug which triggers whenever a client attempts renegotiation with Apache HTTP Server 2.4.37 and OpenSSL 1.1.1. This bug...

2 AI score
Exploits: 0

Qualys Blog
added 2018/11/19 4:0 p.m., 123 views

SSL Labs Grade Change for TLS 1.0 and TLS 1.1 Protocols

Update 11/30/18: Now live on ssllabs.com: In Configuration-Protocols section “TLS 1.1” text color will be changed to Orange by end of November 2018 TLS 1.0 and TLS 1.1 protocols will be removed from browsers at the beginning of 2020. As there are no fixes or patches that can adequately fix SSL or...

7 AI score
Exploits: 0

Imperva Blog
added 2018/03/28 3:30 p.m., 62 views

Making the Grade: Achieve SSL Labs A+ Grade with Imperva WAF

We all woke up to a new reality early last year. HTTPS adoption has reached the tipping point, meaning that more than half of web traffic is encrypted. The benefits of encrypting your traffic are obvious, right? It’s essentially about you securing data being transmitted by authenticating web...

6.4 AI score
Exploits: 0

Qualys Blog
added 2018/02/03 2:0 a.m., 86 views

SSL Labs Grading Update: Forward Secrecy, Authenticated Encryption and ROBOT

Update March 1, 2018: The completion of these changes is documented under Version 1.31.0 in the SSL Labs Changelog. We are giving advance notification for following grading criteria changes applying from March 1, 2018: Not using forward secrecy, not using AEAD suites, and vulnerability to ROBOT...

6.8 AI score
Exploits: 0

Qualys Blog
added 2017/09/26 7:55 a.m., 181 views

Google and Mozilla are Deprecating Existing Symantec Certificates

Earlier this month, after roughly six months of deliberation and planning, Google finalised their plans for staged deprecation of Symantec certificates. The process began in March 2017 when Google had announced on the Blink mailing list that they had lost confidence about Symantec’s certificate...

6.7 AI score
Exploits: 0

Hacker One
added 2017/08/26 9:22 a.m., 25 views

GSA Bounty: federalist.18f.gov vulnerable to Sweet32 attack

The researcher noted that federalist.18f.gov allows use of the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher, which is now marked as "weak" in SSL Labs because of risks of MitM attacks given this vulnerability: https://sweet32.info/, which requires monitoring of a long-lived HTTPS connection. We inherit this...

0.3 AI score
Exploits: 0

Qualys Blog
added 2017/06/30 2:11 p.m., 62 views

SSL Labs Grading Redesign (Preview 1)

We’re excited to share with you the first preview of our next-generation grading. This is something that’s long overdue but, due to lack of available time, we managed to keep up patching the first-generation grading to keep up with the times. Now, finally, we’re taking the next necessary steps to...

6.7 AI score
Exploits: 0

Hacker One
added 2017/05/03 5:34 a.m., 43 views

HackerOne: Insecure SHA1withRSA in b5s.hackerone-ext-content.com and a4l.hackerone-ext-content.com

Hello, I just found some minor issue with RSA 2048 bits SHA1withRSA in b5s.hackerone-ext-content.com and a4l.hackerone-ext-content.com thru Qualys SSL Labs and wanted to report it. Proof of Concept https://www.ssllabs.com/ssltest/analyze.html?d=b5s.hackerone-ext-content.com Result: SHA1withRSA...

0.1 AI score
Exploits: 0

Metasploit
added 2015/03/27 11:34 a.m., 106 views

SSL Labs API Client

This module is a simple client for the SSL Labs APIs, designed for SSL/TLS assessment during a penetration test. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'activesupport/inflector' require 'json' require...

7.4 CVSS, 8.2 AI score, 0.89694 EPSS
Exploits: 9

ThreatPost
added 2014/06/13 2:5 p.m., 45 views

SSL Pulse Scans Quantify Vulnerable OpenSSL Servers

Certain mitigating factors made the recent OpenSSL man-in-the-middle vulnerability a notch or two below Heartbleed in terms of criticality. With that in consideration, it’s probably no surprise that patching levels for CVE-2014-0224 aren’t as high out of the gate as they were for Heartbleed. Ivan...

6.8 CVSS, 0.7 AI score, 0.89694 EPSS
Exploits: 9, References: 4

The Hacker News
added 2011/08/23 7:13 p.m., 3 views

Automated HTTPS Vulnerability Testing by Qualys SSL Labs

One of the main problems in the HTTP protocol is encrypting traffic and verifying data security. Securing the web application against any threat is very important, especially since if hackers conduct a man-in-the-middle attack they can get all users...

6.8 AI score
Exploits: 0

The Hacker News
added 2011/08/23 7:13 p.m., 17 views

Automated HTTPS Vulnerability Testing by Qualys SSL Labs

One of the main problems in the HTTP protocol is encrypting traffic and verifying data security. Securing the web application against any threat is very important, especially since if hackers conduct a man-in-the-middle attack they can get all users...

6.4 AI score
Exploits: 0