This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "O-Saft"

From OWASP
Jump to: navigation, search
m (typo)
Line 1: Line 1:
 +
=Main=
 +
 +
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
 +
 +
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 +
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
 +
 +
==OWASP O-Saft==
 +
 
O-Saft is an easy to use tool to show informations about SSL connections and the provided SSL certificates.
 
O-Saft is an easy to use tool to show informations about SSL connections and the provided SSL certificates.
  
It's designed to be used by penetration testers, security auditors or server administrators. The idea is to show the important informations or the special checks with a simple call of the tool. However, it provides a wide range of options so that it can be used for comprehensive and special checks by experianced people.
+
It's designed to be used by penetration testers, security auditors or server administrators. The idea is to show the important informations or the special checks with a simple call of the tool. However, it provides a wide range of options so that it can be used for comprehensive and special checks by experienced people.
 +
 
 +
==Introduction==
 +
 
 +
Write a short introduction
 +
 
 +
 
 +
 
 +
==Description==
 +
 
 +
Write a description that is just a few paragraphs long
 +
 
 +
 
 +
==Licensing==
 +
OWASP O-Saft is free to use. It is licensed under the GPL v2 license.
 +
 
 +
 
 +
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
 +
 
 +
== What is XXX? ==
 +
 
 +
OWASP XXX  provides:
 +
 
 +
* xxx
 +
* xxx
 +
 
 +
 
 +
== Presentation ==
 +
 
 +
Link to presentation
 +
 
 +
 
 +
 
 +
 
 +
== Project Leader ==
 +
 
 +
Project leader's name
 +
 
 +
 
 +
== Related Projects ==
 +
 
 +
* [[OWASP_CISO_Survey]]
 +
 
 +
 
 +
 
 +
| valign="top"  style="padding-left:25px;width:200px;" |
 +
 
 +
== Quick Download ==
 +
 
 +
* Link to page/download
 +
 
 +
 
 +
 
 +
== News and Events ==
 +
* [20 Nov 2013] News 2
 +
* [30 Sep 2013] News 1
 +
 
 +
 
 +
== In Print ==
 +
This project can be purchased as a print on demand book from Lulu.com
 +
 
 +
 
 +
==Classifications==
 +
 
 +
  {| width="200" cellpadding="2"
 +
  |-
 +
  | align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] 
 +
  |-
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Project_Type_Files_TOOL.jpg|link=]]
 +
  |}
 +
 
 +
|}
 +
 
 +
=FAQs=
 +
 
 +
; Q1
 +
: A1
 +
 
 +
; Q2
 +
: A2
 +
 
 +
= Acknowledgements =
 +
==Volunteers==
 +
XXX is developed by a worldwide team of volunteers. The primary contributors to date have been:
 +
 
 +
* xxx
 +
* xxx
 +
 
 +
==Others==
 +
* xxx
 +
* xxx
 +
 
 +
= Road Map and Getting Involved =
 +
As of XXX, the priorities are:
 +
* xxx
 +
* xxx
 +
* xxx
 +
 
 +
Involvement in the development and promotion of XXX is actively encouraged!
 +
You do not have to be a security expert in order to contribute.
 +
Some of the ways you can help:
 +
* xxx
 +
* xxx
 +
 
 +
 
  
 
=Project About=
 
=Project About=
{{:Projects/O-Saft}}
+
{{:Projects/O-Saft}}
 +
 
 +
__NOTOC__ <headertabs />
  
[[Category:OWASP Project]]
+
[[Category:OWASP Project]]  [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]]  [[Category:OWASP_Document]]

Revision as of 17:24, 29 January 2014

OWASP Project Header.jpg

OWASP O-Saft

O-Saft is an easy to use tool to show informations about SSL connections and the provided SSL certificates.

It's designed to be used by penetration testers, security auditors or server administrators. The idea is to show the important informations or the special checks with a simple call of the tool. However, it provides a wide range of options so that it can be used for comprehensive and special checks by experienced people.

Introduction

Write a short introduction


Description

Write a description that is just a few paragraphs long


Licensing

OWASP O-Saft is free to use. It is licensed under the GPL v2 license.


What is XXX?

OWASP XXX provides:

  • xxx
  • xxx


Presentation

Link to presentation



Project Leader

Project leader's name


Related Projects

Quick Download

  • Link to page/download


News and Events

  • [20 Nov 2013] News 2
  • [30 Sep 2013] News 1


In Print

This project can be purchased as a print on demand book from Lulu.com


Classifications

Owasp-incubator-trans-85.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files TOOL.jpg
Q1
A1
Q2
A2

Volunteers

XXX is developed by a worldwide team of volunteers. The primary contributors to date have been:

  • xxx
  • xxx

Others

  • xxx
  • xxx

As of XXX, the priorities are:

  • xxx
  • xxx
  • xxx

Involvement in the development and promotion of XXX is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:

  • xxx
  • xxx



Template:Outdated page, please see: O-Saft


OWASP Defenders logo.png This project is part of the OWASP Defenders community.
Feel free to browse other projects within the Defenders, Builders, and Breakers communities.


PROJECT INFO
What does this OWASP project offer you? 		RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: O-Saft - OWASP SSL audit for testers / OWASP SSL advanced forensic tool (home page)
Purpose: This tools lists information about remote target's SSL certificate and tests the remote target's SSL connection according given list of ciphers and various SSL configurations.
O-Saft 
The main idea is to have a tool which works on common platforms and can simply be automated.
In a Nutshell
  • show SSL connection details
  • show certificate details
  • check for supported ciphers
  • check for ciphers provided in your own libssl.so and libcrypt.so
  • check for special HTTP(S) support (like SNI, HSTS, certificate pinning)
  • check for protections against attacks (BEAST, CRIME, RC4 Bias, ...)
  • may check for a single attribute
  • may check multiple targets at once
  • can be scripted (headless or as CGI)
  • should work on any platform (just needs perl, openssl optional)
  • scoring for all checks (still to be improved in many ways ;-)
  • output format can be customized
  • various trace and debug options to hunt unusual connection problems
Installation
* Download and unpack o-saft.tgz
* Ensure that following perl modules (and their dependencies) are installed
      IO::Socket::INET, IO::Socket::SSL, Net::SSLeay
* Start: o-saft --help
License: GPL v2
who is working on this project?
Project Leader(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Main links:
Key Contacts
  • Contact Achim @ to contribute to this project
  • Contact Achim @ to review or sponsor this project
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases
current release
O-Saft 14.1.4 - 01/2014 - (download)

Release Leader: Achim @

Release details: N/A :

Rating: Yellow button.JPG Not Reviewed
To be reviewed under Assessment Criteria v2.0


}

Retrieved from "https://wiki.owasp.org/index.php?title=O-Saft&oldid=166862"