“HTTPS & SSL doesn’t mean “trust this.” It means “this is private.” You may be having a private conversation with Satan.” – Scott Hanselman
“Best wishes for the festive season from the RapydBlok team. 2020 hasn’t been the easiest year for most, but with all its challenges we have persevered. Well wishes for 2021 are in order.”
RapydBlok achieved some milestones this year, including:
- A new product, INSPECT Web App, that can inspect website HTTPS security – inspect.rapydblok.com
- Fixed some bugs, added multi-threading for SCANS and improved on reporting and email delivery of results.
- Introduced #ScanFriday, to encourage regular security scanning.
- Gordon emigrated from Cape Town to Munich.
How can INSPECT help me – Most websites have SSL certificates to secure web traffic; INSPECT will review the SSL certificate and web server configuration for any related issues and display the full results.
Summary of the common issues found during SSL scans:
It’s not secure enough to just install an SSL certificate; correct configuration is key!
- Just installing an SSL certificate is not enough to secure TLS/SSL: it needs to be configured correctly on the web server, and some web admins are unaware of this.
- Deprecated protocols are configured: mainly TLS 1.0 and TLS 1.1 are still offered in the configuration although they are deprecated. At a minimum, TLS 1.2 and TLS 1.3 should be offered.
- Using obsolete or old ciphers: the ciphers offered alongside the certificate often require a review, and Mozilla has some good recommendations on ciphers and client support.
- Vulnerabilities: using old or obsolete ciphers and protocols generally leaves that host exposed to known vulnerabilities.
- Securing with TLS 1.3 only does not allow all web clients to connect, especially older ones; most importantly, Internet Explorer users can’t connect.
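The protocol findings in the list above, written as a static check of a web server configuration. This is an added example, not code from RapydBlok, INSPECT or testssl.sh; it assumes nginx and its `ssl_protocols` directive, and the function name and sample configurations are constructed for illustration.

```python
import re

# Protocol names as spelled in nginx's ssl_protocols directive (assumed server).
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WANTED = ("TLSv1.2", "TLSv1.3")
# Active (uncommented) single-line directives only.
DIRECTIVE = re.compile(r"^[ \t]*ssl_protocols[ \t]+([^;#\n]+);", re.MULTILINE)

# Constructed sample configs, not taken from any real host.
WEAK = "server {\n    listen 443 ssl;\n    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n}\n"
FIXED = "server {\n    listen 443 ssl;\n    ssl_protocols TLSv1.2 TLSv1.3;\n}\n"
TLS13_ONLY = "server {\n    listen 443 ssl;\n    ssl_protocols TLSv1.3;\n}\n"


def audit_ssl_protocols(config_text):
    """Return (line_number, severity, message) findings for each directive."""
    matches = list(DIRECTIVE.finditer(config_text))
    if not matches:
        return [(0, "WARN", "no ssl_protocols directive: server defaults apply")]
    findings = []
    for m in matches:
        # Line number of the directive, counted from the protocol list itself.
        line = config_text.count("\n", 0, m.start(1)) + 1
        offered = set(m.group(1).split())
        for proto in sorted(offered & DEPRECATED):
            findings.append((line, "FAIL", f"deprecated protocol offered: {proto}"))
        if offered == {"TLSv1.3"}:
            # Matches the last bullet: strict, but locks out older clients.
            findings.append((line, "WARN", "TLS 1.3 only: older clients cannot connect"))
        else:
            for proto in WANTED:
                if proto not in offered:
                    findings.append((line, "WARN", f"{proto} not offered"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("fixed", FIXED), ("tls13-only", TLS13_ONLY)):
        print(name, audit_ssl_protocols(cfg) or "OK")
```

A static check like this only reads the configuration file; a scan of the running server is still needed to confirm what it actually negotiates.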
Shoutout to the testssl.sh team; without them there wouldn’t be an INSPECT product.
Keep watching this space in 2021: the RapydBlok team will keep pushing the limits and deliver some great releases.
All the best, Fröhliche Weihnachten & Happy Holidays
Gordon Bishop – co-founder