Difference between revisions of "SSL TLS Knowledge Center"
(→Needed)

Old revision, line 4 / new revision, line 4 (lines added in the new revision are marked with "+"):

=Resources=
[[Transport_Layer_Protection_Cheat_Sheet]] - OWASP SSL/TLS Cheat Sheet
+ [[Testing for SSL-TLS (OWASP-CM-001)|Testing for SSL-TLS]], and OWASP [[Guide to Cryptography]]
[http://lists.w3.org/Archives/Public/www-archive/2009Sep/att-0051/draft-hodges-strict-transport-sec-05.plain.html Strict Transport Security Spec] - Specification for STS which allows a website to instruct the browser to not send requests to the web server over non-TLS channels.

Old revision, line 10 / new revision, line 12:

[http://michael-coates.blogspot.com/2009/11/https-data-exposure-get-vs-post.html HTTPS Data Exposure] - [BlogPost] HTTPS data exposure comparison for GET and POST
+ [http://www.ssllabs.com/projects/rating-guide/index.html SSL Server Rating Guide]
+ [http://csrc.nist.gov/publications/nistpubs/800-52/SP800-52.pdf SP 800-52 Guidelines for the selection and use of transport layer security (TLS) Implementations]
+ [http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf FIPS 140-2 Security Requirements for Cryptographic Modules]
+ [http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-2/FIPS1402IG.pdf Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program]
+ [http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf SP 800-57 Recommendation for Key Management, Revision 2]
+ [http://csrc.nist.gov/publications/drafts.html#sp800-95 SP 800-95 Guide to Secure Web Services]
+ [http://www.ietf.org/rfc/rfc3280.txt RFC 3280 Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile]
+ [http://www.ietf.org/rfc/rfc4346.txt RFC 4346 The Transport Layer Security (TLS) Protocol Version 1.1]
= Needed =
Revision as of 18:18, 6 January 2010
Purpose
The SSL/TLS Knowledge Center serves as a central point to provide references to SSL/TLS.
Resources
Transport_Layer_Protection_Cheat_Sheet - OWASP SSL/TLS Cheat Sheet
Testing for SSL-TLS, and OWASP Guide to Cryptography
Strict Transport Security Spec - Specification for STS which allows a website to instruct the browser to not send requests to the web server over non-TLS channels.
STS in No Script - [BlogPost] How to enable STS support within No Script plugin
HTTPS Data Exposure - [BlogPost] HTTPS data exposure comparison for GET and POST
SP 800-52 Guidelines for the selection and use of transport layer security (TLS) Implementations
FIPS 140-2 Security Requirements for Cryptographic Modules
Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program
SP 800-57 Recommendation for Key Management, Revision 2
SP 800-95 Guide to Secure Web Services
RFC 4346 The Transport Layer Security (TLS) Protocol Version 1.1
Needed
Guides for configuring SSL/TLS cipher support in common web servers
References to current SSL/TLS RFC specs
Eventually we'll need some sort of organization or grouping. We'll address that as it grows and a system makes sense.
More entries to the "Needed" list
Anything else that would be helpful related to SSL/TLS