Our great sponsors
-
If it's useful, here [1] is a tool for auditing the SSH config of a server from the internet and suggesting hardening options for both server and client. And here [2] is a tool for configuring TLS on various web servers and load balancers.
-
CryptoLyzer
CryptoLyzer is a fast, flexible and comprehensive server cryptographic protocol (TLS, SSL, SSH, DNSSEC) and related setting (HTTP headers, DNS records) analyzer and fingerprint (JA3, HASSH tag) generator with Python API and CLI/.
You can also use CryptoLyzer[1] to audit your TLS (not just HTTPS, but SMTP, IMAP, ...) and SSH servers if you do not want to use SaaS solutions.
There are another tools (open source and SaaS) on OWASP Transport Layer Protection Cheat Sheet page[2].
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.
Related posts
- Server TLS settings analyzer CryptoLyzer with OpenVPN support has released
- CryptoLyzer 0.8.5 with browser (Chromium, Firefox, Opera) compatibility checker
-
Terrapin-Scanner VS CryptoLyzer - a user suggested alternative
2 projects | 14 Jan 2024
- Heartbleed and XZ Backdoor Learnings: Open Source Infrastructure Can Be Improved Efficiently With Moderate Funding
- Ask HN: How does the xz backdoor replace RSA_public_decrypt?