barefoot cybersecurity

security… mobility… cloud… technology… whatever…



Free SSL Server Test.

Many vendors provide free (freeware, freemium) tools to attract you into trying their product and getting hooked. Trying out these often unsupported technologies is a disappointing experience when they either:

  • don’t deliver all they promise
  • ask you to upgrade to the premium product before you get anything useful
  • bombard you with ads (or worse)
  • all of the above!!

However, occasionally it’s possible to stumble across a gem. Here’s one I’ve found useful recently.

Qualys SSL Labs

Ever wonder just how secure that new online shop is that you are itching to pump your credit card details into? Well, you should.

This free service performs a deep analysis of the configuration of any SSL web server on the public internet. Simply type in the address of the secure website (https) you want to test. The service first looks at the certificate to verify that it is valid and trusted. It then inspects the server configuration for protocols, key exchange and cipher support.

Finally, a percentage score is awarded to each individual category, and a total score and grade are displayed.
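To see the same three areas (protocol, key exchange, cipher) from your own machine, here is a small added example in Python; it is not Qualys code and does not reproduce the SSL Labs scoring. The function names `assess` and `probe`, the finding texts and the sample sessions are all made up for illustration.

```python
import socket
import ssl

MODERN_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}

def assess(protocol, cipher_name, secret_bits):
    """Flag weak points in one negotiated TLS session (pure function)."""
    findings = []
    if protocol not in MODERN_PROTOCOLS:
        findings.append(f"protocol: {protocol} is obsolete")
    # TLS 1.3 suites always use ephemeral (EC)DHE; in older versions OpenSSL
    # names the key exchange first, e.g. ECDHE-RSA-AES128-GCM-SHA256.
    forward_secret = (protocol == "TLSv1.3"
                      or cipher_name.startswith(("ECDHE-", "DHE-")))
    if not forward_secret:
        findings.append("key exchange: no ephemeral (EC)DHE, no forward secrecy")
    if secret_bits < 128:
        findings.append(f"cipher: only {secret_bits}-bit strength")
    return findings

def probe(host, port=443, timeout=5.0):
    """Connect once; return (protocol, cipher_name, bits, cert_not_after).

    The default context validates the chain and the host name, so an invalid
    or untrusted certificate raises ssl.SSLCertVerificationError here.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            name, _version, bits = tls.cipher()
            return tls.version(), name, bits, tls.getpeercert()["notAfter"]

# Constructed sample sessions (not real scan results).
SAMPLES = [
    ("TLSv1.3", "TLS_AES_256_GCM_SHA384", 256),
    ("TLSv1.2", "AES128-SHA", 128),
    ("TLSv1", "DES-CBC3-SHA", 112),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", assess(*sample) or "no findings")
```

A single handshake only shows the one protocol and cipher suite that your client and the server agreed on, so `probe` cannot list everything a server is willing to accept.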

I tested the usual popular services (Gmail, Facebook, Skype, etc.) as well as several online banks and, as you’d expect, they all achieved a grade A (80% or above). Then I tried the South African Revenue Service (I need to do my tax return!) at secure.sarsefiling.co.za. Only 61%.

What other government sites can I test? FBI? Only 57%!

Both were let down by the key exchange phase, making them vulnerable to denial-of-service and/or man-in-the-middle attacks.

Next time my finger is hovering over the “check-out” button, I’ll be sure to test here first. https://www.ssllabs.com/ssltest