Difference between revisions of "Projects/O-Saft"

From OWASP
Jump to: navigation, search
(Created page with "{{Template:Project About | project_name =O-Saft | project_home_page =O-Saft | project_description =This tools lists information about remote target's SSL certificate and tests...")
 
m (typo)
(16 intermediate revisions by one user not shown)
Line 1: Line 1:
 +
[[Category:OWASP Project]]
 +
[[Category:OWASP Tool]]
 +
[[Category:OWASP Download]]
 +
{{OWASP Defenders}}
 +
 
{{Template:Project About
 
{{Template:Project About
 
| project_name =O-Saft
 
| project_name =O-Saft
 
| project_home_page =O-Saft
 
| project_home_page =O-Saft
 
| project_description =This tools lists information about remote target's SSL certificate and tests the remote target's SSL connection according given list of ciphers and various SSL configurations.
 
| project_description =This tools lists information about remote target's SSL certificate and tests the remote target's SSL connection according given list of ciphers and various SSL configurations.
 +
;O-Saft - OWASP SSL audit for testers
 +
:The main idea is to have a tool which works on common platforms and can simply be automated.
 +
;In a Nutshell:
 +
:* show SSL connection details
 +
:* show certificate details
 +
:* check for supported ciphers
 +
:* check for ciphers provided in your own libssl.so and libcrypt.so
 +
:* check for special HTTP(S) support (like SNI, HSTS, certificate pinning)
 +
:* may check for a single attribute
 +
:* may check multiple targets at once
 +
:* can be scripted (headless or as CGI)
 +
:* should work on any platform (just needs perl, openssl optional)
 +
:* scoring for all checks (still to be improved in many ways ;-)
 +
:* output format can be customized
 +
:* various trace and debug options to hunt unusual connection problems
 +
 
| project_license = GPL v2
 
| project_license = GPL v2
| leader_name1 = Achim
+
| leader_name1 = [[User:Achim|Achim]]
 
| leader_email1 = Achim@owasp.org
 
| leader_email1 = Achim@owasp.org
 
| mailing_list_name = https://lists.owasp.org/mailman/listinfo/o-saft
 
| mailing_list_name = https://lists.owasp.org/mailman/listinfo/o-saft
 
| project_road_map = https://www.owasp.org/index.php/Projects/O-Saft/Roadmap
 
| project_road_map = https://www.owasp.org/index.php/Projects/O-Saft/Roadmap
 +
| links_url1 = http://github.com/OWASP/O-Saft
 +
| links_name1 = Repository https://github.com/OWASP/O-Saft
 +
| links_url2 = https://github.com/OWASP/O-Saft/raw/master/o-saft.tgz
 +
| links_name2 = Unpack o-saft.tgz and start: ''o-saft --help''
 
}}
 
}}
 +
{{Template:OWASP_Release_Info
 +
| current_release_name = O-Saft 13.03.13
 +
| current_release_date = 03/2013
 +
| current_release_download_link = https://github.com/OWASP/O-Saft/raw/master/o-saft.tgz
 +
| current_release_leader_name = [[User:Achim|Achim]]
 +
| current_release_leader_email = achim@owasp.org
 +
}}
 +
<!-- removed from above template
 +
| current_release_details = https://github.com/OWASP/O-Saft <nowiki> (most checks implemented, rudimentary scoring) </nowiki>
 +
-->
 +
 +
<!-- following does not update "REALEASE(S) INFO"  in top right of page:
 +
{{Template:Releases Summary | project_name = O-Saft }}
 +
{{Template:Release
 +
| release_name  = O-Saft 13.03.13
 +
| release_date  = 03/2013
 +
| download_link = https://github.com/OWASP/O-Saft/raw/master/o-saft.tgz
 +
}}
 +
-->

Revision as of 15:26, 5 June 2013

OWASP Defenders logo.png This project is part of the OWASP Defenders community.
Feel free to browse other projects within the Defenders, Builders, and Breakers communities.


PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: O-Saft (home page)
Purpose: This tools lists information about remote target's SSL certificate and tests the remote target's SSL connection according given list of ciphers and various SSL configurations.
O-Saft - OWASP SSL audit for testers
The main idea is to have a tool which works on common platforms and can simply be automated.
In a Nutshell
  • show SSL connection details
  • show certificate details
  • check for supported ciphers
  • check for ciphers provided in your own libssl.so and libcrypt.so
  • check for special HTTP(S) support (like SNI, HSTS, certificate pinning)
  • may check for a single attribute
  • may check multiple targets at once
  • can be scripted (headless or as CGI)
  • should work on any platform (just needs perl, openssl optional)
  • scoring for all checks (still to be improved in many ways ;-)
  • output format can be customized
  • various trace and debug options to hunt unusual connection problems
License: GPL v2
who is working on this project?
Project Leader(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Main links:
Key Contacts
  • Contact Achim @ to contribute to this project
  • Contact Achim @ to review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases
current release
O-Saft 13.03.13 - 03/2013 - (download)

Release Leader: Achim @

Release details: N/A :

Rating: Yellow button.JPG Not Reviewed
To be reviewed under Assessment Criteria v2.0