HTTPs website security check
8 views
Skip to first unread message
Whitehat
Jun 21, 2012, 5:11:35 AM6/21/12
to nfor...@googlegroups.com
Hi Group,
I have to test few same websites running on both HTTP and HTTPs (the code base is same). The concern here is the HTTP sites are available in pre-production and HTTPs are only available in Production environment.
As security testing is not preferable on production, my idea is to test the HTTP websites and to check HTTPs sites only for transport layer issues.
My queries are:
1. is my approach correct?
2. Would there be any concerns/issues other than transport layer issues between HTTP and HTTPs site
3. Tools run on windows to check only SSL issues.
4. There is a tool named SSLDigger but mentioned not for commercial use? any clue on this..?
Regards,
Whitehat
I have to test few same websites running on both HTTP and HTTPs (the code base is same). The concern here is the HTTP sites are available in pre-production and HTTPs are only available in Production environment.
As security testing is not preferable on production, my idea is to test the HTTP websites and to check HTTPs sites only for transport layer issues.
My queries are:
1. is my approach correct?
2. Would there be any concerns/issues other than transport layer issues between HTTP and HTTPs site
3. Tools run on windows to check only SSL issues.
4. There is a tool named SSLDigger but mentioned not for commercial use? any clue on this..?
Regards,
Whitehat
Reply all
Reply to author
Forward
0 new messages