RapydBlok – 2020 in Review

“HTTPS & SSL doesn’t mean “trust this.” It means “this is private.” You may be having a private conversation with Satan.” – Scott Hanselman

Best wishes for the festive season from the RapydBlok team. 2020 hasn’t been the easiest year for most, but with all its challenges we have persevered. Warm wishes for 2021 are in order.

RapydBlok achieved some milestones this year, including:

  • A new product, INSPECT Web App, that can inspect a website’s HTTPS security – inspect.rapydblok.com
  • Fixed some bugs, added multi-threading for scans and improved reporting and email delivery of results.
  • Introduced #ScanFriday, to encourage regular security scanning.
  • Gordon emigrated from Cape Town to Munich.

๐—›๐—ผ๐˜„ ๐—ฐ๐—ฎ๐—ป ๐—œ๐—ก๐—ฆ๐—ฃ๐—˜๐—–๐—ง ๐—ต๐—ฒ๐—น๐—ฝ ๐—บ๐—ฒ โ€“ Most websites have SSL certificates to secure web traffic, ๐—œ๐—ก๐—ฆ๐—ฃ๐—˜๐—–๐—ง will review the SSL certificate & web server configuration for any related issues and display the full results.

Summary of the common issues found during SSL scans:

It’s not secure enough to just install an SSL certificate; correct configuration is key!

  1. Just installing an SSL certificate is not enough to secure TLS/SSL: it needs to be configured correctly on the web server, and some web admins are unaware of this.
  2. Deprecated protocols are configured: TLS 1.0 and TLS 1.1 are commonly still offered in the configuration but are deprecated. A minimum of TLS 1.2, together with TLS 1.3, should be offered.
  3. Using obsolete or old ciphers: the cipher list often needs a review, and Mozilla has some good recommendations on ciphers and client support.
  4. Vulnerabilities: if old or obsolete ciphers and protocols are used, it generally leads to known vulnerabilities being exposed on that host.
  5. Securing with TLS 1.3 only doesn’t allow all web clients to connect, especially older ones; most importantly, Internet Explorer users can’t connect.

Shoutout to the testssl.sh team: without them there wouldn’t be an INSPECT product.

Keep watching this space in 2021; the RapydBlok team will keep pushing the limits and deliver some great releases.

All the best, Fröhliche Weihnachten & Happy Holidays

Gordon Bishop – co-founder