This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "SSL TLS Knowledge Center"
(→Resources) |
(→Online Tools) |
||
| (4 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
=Purpose= | =Purpose= | ||
| − | The SSL/TLS Knowledge Center serves as a central point to provide references to SSL/TLS. | + | The SSL/TLS Knowledge Center serves as a central point to provide references to SSL/TLS. This is a community driven page. Please contribute by adding links or requests for links. |
=Resources= | =Resources= | ||
| + | |||
| + | == OWASP Resources == | ||
[[Transport_Layer_Protection_Cheat_Sheet]] - OWASP SSL/TLS Cheat Sheet | [[Transport_Layer_Protection_Cheat_Sheet]] - OWASP SSL/TLS Cheat Sheet | ||
| − | [[Testing for SSL-TLS (OWASP-CM-001)|Testing for SSL-TLS]] | + | [[Testing for SSL-TLS (OWASP-CM-001)|Testing for SSL-TLS]] |
| + | |||
| + | [[Guide to Cryptography]] | ||
| + | |||
| + | == Articles & Blogs == | ||
| − | [http://hackademix.net/2009/09/23/strict-transport-security-in-noscript/ STS in No Script] - | + | [http://hackademix.net/2009/09/23/strict-transport-security-in-noscript/ STS in No Script] - How to enable STS support within No Script plugin |
| − | [http://michael-coates.blogspot.com/2009/11/https-data-exposure-get-vs-post.html HTTPS Data Exposure] - | + | [http://michael-coates.blogspot.com/2009/11/https-data-exposure-get-vs-post.html HTTPS Data Exposure] - HTTPS data exposure comparison for GET and POST |
[https://www.ssllabs.com/projects/rating-guide/index.html SSL Server Rating Guide] - SSL Labs guide providing information on correct configuration of SSL. Focuses mainly at the network layer | [https://www.ssllabs.com/projects/rating-guide/index.html SSL Server Rating Guide] - SSL Labs guide providing information on correct configuration of SSL. Focuses mainly at the network layer | ||
| + | |||
| + | == Online Tools == | ||
| + | |||
| + | [https://www.ssllabs.com/ SSL Labs] - Online tool to verify SSL/TLS certificate and configuration. | ||
| + | |||
| + | [https://www.htbridge.com/ssl/ High-Tech Bridge] - Online tool to verify SSL/TLS compliance with NIST SP 800-52 guidelines and PCI DSS requirements. | ||
== NIST Guides == | == NIST Guides == | ||
| Line 38: | Line 50: | ||
References to current SSL/TLS RFC specs | References to current SSL/TLS RFC specs | ||
| − | + | More entries to this "Needed" list | |
| − | |||
| − | More entries to | ||
Anything else that would be helpful related to SSL/TLS | Anything else that would be helpful related to SSL/TLS | ||
Latest revision as of 10:52, 19 November 2015
Purpose
The SSL/TLS Knowledge Center serves as a central point to provide references to SSL/TLS. This is a community driven page. Please contribute by adding links or requests for links.
Resources
OWASP Resources
Transport_Layer_Protection_Cheat_Sheet - OWASP SSL/TLS Cheat Sheet
Articles & Blogs
STS in No Script - How to enable STS support within No Script plugin
HTTPS Data Exposure - HTTPS data exposure comparison for GET and POST
SSL Server Rating Guide - SSL Labs guide providing information on correct configuration of SSL. Focuses mainly at the network layer
Online Tools
SSL Labs - Online tool to verify SSL/TLS certificate and configuration.
High-Tech Bridge - Online tool to verify SSL/TLS compliance with NIST SP 800-52 guidelines and PCI DSS requirements.
NIST Guides
SP 800-52 Guidelines for the selection and use of transport layer security (TLS) Implementations
FIPS 140-2 Security Requirements for Cryptographic Modules
Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program
SP 800-57 Recommendation for Key Management, Revision 2
SP 800-95 Guide to Secure Web Services
Specs
Strict Transport Security Spec - Specification for STS which allows a website to instruct the browser to not send requests to the web server over non-TLS channels.
RFC 4346 The Transport Layer Security (TLS) Protocol Version 1.1
Needed
Guides for configuring SSL/TLS cipher support in common web servers
References to current SSL/TLS RFC specs
More entries to this "Needed" list
Anything else that would be helpful related to SSL/TLS
