This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Projects/O-Saft/Roadmap"
From OWASP
(OCSP url) |
|||
| (9 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | * check | + | * add check if OCSP url exists and responds ok |
| + | * build better map with description for ciphers (prepared in OSaft/Ciphers.pm ) | ||
* review the code (technically, note that it is a testing and not a security tool) | * review the code (technically, note that it is a testing and not a security tool) | ||
| + | * formatting output should be a postprocess; scoring should be a postprocess | ||
* add check for certificate chains | * add check for certificate chains | ||
* add proper metric for risks rating | * add proper metric for risks rating | ||
* implement client certificates | * implement client certificates | ||
* encourage other admins and developers to fix their SSL issues ;-)" | * encourage other admins and developers to fix their SSL issues ;-)" | ||
| + | |||
| + | ==== Done ==== | ||
| + | * 08/2016: GUI improved with more modern buttons and better window layout | ||
| + | * 07/2016: some more checks vor new vulnerabilities added | ||
| + | * 04/2015: build simple GUI | ||
| + | * 12/2014: move formatting functionality to o-saft-usr.pm | ||
| + | * 11/2014: implement other protocols (STARTTLS, IMAPS, POPS, ...) | ||
| + | * 09/2014: move description to external file; remove POD | ||
| + | * 05/2014: check target for any possible/existing cipher | ||
Latest revision as of 21:51, 16 December 2016
- add check if OCSP url exists and responds ok
- build better map with description for ciphers (prepared in OSaft/Ciphers.pm )
- review the code (technically, note that it is a testing and not a security tool)
- formatting output should be a postprocess; scoring should be a postprocess
- add check for certificate chains
- add proper metric for risks rating
- implement client certificates
- encourage other admins and developers to fix their SSL issues ;-)"
Done
- 08/2016: GUI improved with more modern buttons and better window layout
- 07/2016: some more checks vor new vulnerabilities added
- 04/2015: build simple GUI
- 12/2014: move formatting functionality to o-saft-usr.pm
- 11/2014: implement other protocols (STARTTLS, IMAPS, POPS, ...)
- 09/2014: move description to external file; remove POD
- 05/2014: check target for any possible/existing cipher
