This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "SSL TLS Knowledge Center"
(→Resources) |
(→Resources) |
||
| Line 3: | Line 3: | ||
=Resources= | =Resources= | ||
| + | |||
| + | == OWASP Resources == | ||
[[Transport_Layer_Protection_Cheat_Sheet]] - OWASP SSL/TLS Cheat Sheet | [[Transport_Layer_Protection_Cheat_Sheet]] - OWASP SSL/TLS Cheat Sheet | ||
| − | [[Testing for SSL-TLS (OWASP-CM-001)|Testing for SSL-TLS | + | [[Testing for SSL-TLS (OWASP-CM-001)|Testing for SSL-TLS]] |
| − | [ | + | [[Guide to Cryptography]] |
| − | [http://michael-coates.blogspot.com/2009/11/https-data-exposure-get-vs-post.html HTTPS Data Exposure] - | + | == Articles & Blogs == |
| + | |||
| + | [http://hackademix.net/2009/09/23/strict-transport-security-in-noscript/ STS in No Script] - How to enable STS support within No Script plugin | ||
| + | |||
| + | [http://michael-coates.blogspot.com/2009/11/https-data-exposure-get-vs-post.html HTTPS Data Exposure] - HTTPS data exposure comparison for GET and POST | ||
[https://www.ssllabs.com/projects/rating-guide/index.html SSL Server Rating Guide] - SSL Labs guide providing information on correct configuration of SSL. Focuses mainly at the network layer | [https://www.ssllabs.com/projects/rating-guide/index.html SSL Server Rating Guide] - SSL Labs guide providing information on correct configuration of SSL. Focuses mainly at the network layer | ||
| + | |||
| + | == Online Tools == | ||
| + | |||
| + | [https://www.ssllabs.com/ SSL Labs] Online tool to verify SSL/TLS certificate and configuration | ||
== NIST Guides == | == NIST Guides == | ||
Revision as of 20:33, 6 January 2010
Purpose
The SSL/TLS Knowledge Center serves as a central point to provide references to SSL/TLS.
Resources
OWASP Resources
Transport_Layer_Protection_Cheat_Sheet - OWASP SSL/TLS Cheat Sheet
Articles & Blogs
STS in No Script - How to enable STS support within No Script plugin
HTTPS Data Exposure - HTTPS data exposure comparison for GET and POST
SSL Server Rating Guide - SSL Labs guide providing information on correct configuration of SSL. Focuses mainly at the network layer
Online Tools
SSL Labs Online tool to verify SSL/TLS certificate and configuration
NIST Guides
SP 800-52 Guidelines for the selection and use of transport layer security (TLS) Implementations
FIPS 140-2 Security Requirements for Cryptographic Modules
Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program
SP 800-57 Recommendation for Key Management, Revision 2
SP 800-95 Guide to Secure Web Services
Specs
Strict Transport Security Spec - Specification for STS which allows a website to instruct the browser to not send requests to the web server over non-TLS channels.
RFC 4346 The Transport Layer Security (TLS) Protocol Version 1.1
Needed
Guides for configuring SSL/TLS cipher support in common web servers
References to current SSL/TLS RFC specs
Eventually we'll need some sort of organization or grouping. We'll address that as it grows and a system makes sense.
More entries to the "Needed" list
Anything else that would be helpful related to SSL/TLS
