Tag Archives: SSL

Rapid7 Nexpose in 2017

Last year I tested Rapid7 Nexpose and wrote two posts about installation and use of Nexpose Community Edition and Nexpose API. I didn’t follow news of this vendor for a about year. Today I watched live demo of Nexpose latest version. It has some new interesting features, improvements and ideas, that I would like to mention.

Rapid7 Nexpose in 2017

And of course, things that sales people say to you should be always taken with some skepticism. Only concrete implementation tested in your environment matters. But they usually mention some useful ideas that can be perceived independently from the products they promote.
Continue reading

High-Tech Bridge service and API for SSL/TLS server testing

Another great free SSL security testing service — High-Tech Bridge SSL Server Test (and Free API). I have already reviewed something quite familiar – Qualys SSL Labs client. So naturally there will be an element of comparison.

High-Tech Bridge SSL/TLS test request

Why have I tried something else after Qualys SSL Labs? The thing is Qualys doesn’t support IP addresses as a target. Maybe they don’t want it to be used for assessing full IP-ranges. I don’t know. But the fact is “IP addresses are not allowed”.

Continue reading

Qualys SSL Labs console client

Qualys SSL Labs is a free online service, which performs a deep analysis of web server SSL configuration and detects some common OpenSSL vulnerabilities either (e.g. Heartbleed).

Qualys SSL Lab Report

This service has an API and official console client, that could be used to automate security assessment.

Qualys SSL Labs official console client ssllabs-scan

Continue reading