Application security encompasses measures taken throughout the application's life-cycle to prevent exceptions in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, deployment, upgrade, or maintenance of the application.

Tuesday, June 12, 2012

THCSSLCheck - Discover weak SSL/ciphers

THCSSLCheck is useful for both admins and penetration testers who want to quickly identify weak SSL configuration on target servers. For example, most web servers on the internet, such as Apache, allow connections over SSLv2, which is known to be broken. Even good methods like SSLv3 support weak ciphers such as RC4, which should also be disabled.

Download the tool, open a command prompt, change to the THCSSLCheck folder, and run the following command:

THCSSLCheck.exe www.abc.com 443

Here "www.abc.com" is the target website and "443" is the SSL port the application is running on. Change these two parameters to match your environment, and you will get output like that in the window below.
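The same kind of check can be scripted for servers you administer. The following Python sketch is an added example, not part of THCSSLCheck or the original post: `probe()`, `findings()`, `audit()` and the sample results are hypothetical names and constructed data, and the SSLv3, export, NULL and MD5 entries go beyond the SSLv2 and RC4 cases the post names. Modern OpenSSL builds no longer include SSLv2, so `probe()` can only pin protocol versions the local library still supports.

```python
import socket
import ssl

# SSLv2 and RC4 are the weaknesses named in the post. The other entries are
# additions for this example: SSLv3 was deprecated by RFC 7568 in 2015.
WEAK_PROTOCOLS = {"SSLv2": "SSLv2 is broken", "SSLv3": "SSLv3 is deprecated"}
WEAK_CIPHER_TOKENS = {
    "RC4": "RC4 stream cipher",
    "EXP": "export-grade key length",
    "NULL": "no encryption",
    "MD5": "MD5-based MAC",
}

def probe(host, port, version, timeout=5.0):
    """Try one handshake pinned to `version` (an ssl.TLSVersion member).
    Returns (protocol, cipher) if the server accepts it, otherwise None."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # auditing protocol support, not identity
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ctx.maximum_version = version
    ctx.set_ciphers("ALL:@SECLEVEL=0")   # offer every cipher the local OpenSSL has
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.version(), tls.cipher()[0]
    except OSError:                      # ssl.SSLError is a subclass of OSError
        return None

def findings(protocol, cipher):
    """List the reasons an accepted protocol/cipher pair is considered weak."""
    reasons = [WEAK_PROTOCOLS[protocol]] if protocol in WEAK_PROTOCOLS else []
    reasons += [why for token, why in WEAK_CIPHER_TOKENS.items() if token in cipher]
    return reasons

def audit(results):
    """Keep only the accepted pairs that have at least one weakness."""
    return {pair: findings(*pair) for pair in results if findings(*pair)}

# Constructed sample, shaped like probe() results; not output from a real server.
SAMPLE = [
    ("SSLv2", "RC4-MD5"),
    ("SSLv3", "RC4-SHA"),
    ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
]

if __name__ == "__main__":
    for pair, reasons in audit(SAMPLE).items():
        print(pair, "->", "; ".join(reasons))
```

To audit a live server you control, call `probe(host, 443, v)` for each `v` in `ssl.TLSVersion` that your build supports and pass the non-`None` results to `audit()`.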


 About THCSSLCheck:



