August updates released for RapydBlok INSPECT

The RapydBlok team have been testing and finding ways to improve on the initial release, the below are updates released for RapydBlok INSPECT in August 2020;

[Scan to inspect website https security]

1: [New] – New option to receive results via email, email used once-off and not stored.
2: [Improve] – Option added to download full html report.
3: [Improve] – Multi-threading added for scans to improve scanning times.
4: [Bug Fixes] – Two minor bugs resolved.

[SCAN]https://inspect.rapydblok.com

5: [Listed] – RapydBlok INSPECT has been listed on https://github.com/drwetter/testssl.sh as an ‘External/related project’

RapydBlok INSPECT main page

RapydBlok Inspect
Inspect TLS/SSL certificate configuration
https://inspect.rapydblok.com#

RapydBlok INSPECT Web App is Live

RapydBlok is proud to announce that the ‘RapydBlok INSPECT’ product is finished and in production!

After many cups of coffee, weeks of planning, development & fine tuning, the team have produced a free web app to audit TLS/SSL configurations.

What is RapydBlok INSPECT?

INSPECT is a free Web application that can audit & report on TLS/SSL ciphers & protocols for configuration issues, cryptographic flaws, vulnerabilities, HTTP security headers. INSPECT is built upon the foundations of the open source, testssl.sh toolset.

How can that help me?

– Most websites have SSL certificates to secure web traffic, INSPECT will review your SSL certificate and web server configuration for any related issues and display the full results.

Run a SCAN: inspect.rapydblok.com

What are the common issues found so far?

1: Just installing an SSL certificate is not enough to secure TLS/SSL, it needs to be configured correctly on the web server & some web admins are unaware of this.

2: Depreciated Protocols are configured, mainly TLS 1 & TLS1.1 are offered in configuration but actually depreciated. Min of TLS v1.2 and TLS 1.3 should be offered.

3: Using obsolete or old ciphers, for certificates often requires a review and Mozilla has some good recommendations on ciphers & client support.

4: Vulnerabilities, if old or obsolete Ciphers and Protocols are used, it can generally lead to vulnerabilities being available for that host.

5: Securing only with TLS1.3, doesn’t allow for all web clients to connect, especially older ones but most importantly Internet Explorer users cant connect.

6: Host scanned multiple times, hosts are being scanned around 3 times on average, as configuration changes are done in small stages, and confirmed correct via re-scans.

 

Results page screenshots;

 

RapydBlok INSPECT Audit SSL

RapydBlok INSPECT Audit SSL

RapydBlok INSPECT Audit SSL

RapydBlok INSPECT Audit SSL

RapydBlok Inspect product is in active development

RapydBlok InspectRapydBlok Inspect logo

 

RapydBlok.com is current building a new product called “Inspect”. RapydBlok Inspect will be a free web application (webapp) that will be able to audit and report on hosts TLS/SSL ciphers and protocols for configuration issues, cryptographic flaws, vulnerabilities, HTTP security headers and more.

We will be building this service upon a solid foundation, using the open source testssl.sh toolset (https://testssl.sh) from Dr Wetter and team.

The RapydBlok Inspect product will not only offer a webapp but also an Application Programming Interface (API), which will allow 3rd party integrations.

Keep watching this space..