?
Solved

Ways to assess https/ssl websites

Posted on 2016-11-02
3
Medium Priority
?
139 Views
Last Modified: 2016-11-08
https://www.ssllabs.com/ssltest

I currently use the above to scan & assess (but without whitelisting).
Are there better ways/tools do assess a https/ssl site?  Some sites
simply cant connect using the above scanning url
0
Comment
Question by:sunhux
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 12

Accepted Solution

by:
Kent W earned 1000 total points
ID: 41870663
Can you explain more of what you mean by "can not connect using the above scanning URL"?
If there is something preventing SSL labs from connecting to your sites, this will probably hinder others.
There are other scanners, I'll only list those that check the security / validity of your cert. Some, for instance, are geared towards just checking for correct installation. These actually test SSL security factors.  (That being said, it's very hard to beat Qualys's SSL Labs.)
Others -
https://www.sslshopper.com/ssl-checker.html
https://www.htbridge.com/ssl/
0
 

Assisted Solution

by:sunhux
sunhux earned 0 total points
ID: 41871586
Then I should be looking at other aspects of the secure website like
what Pen Test scans do : Tcp timestamp, folders of the IIS is listable
etc
0
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 1000 total points
ID: 41871664
SSL Labs testing makes a lot of requests to the site it is testing.  Some sites reject the requests at times on the basis that it is not a 'normal' method of requesting the site.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A look at what happened in the Verizon cloud breach.
This article is written by John Gates, CISSP. Gates, the SNUG President-Elect, currently holds the position of Manager of Information Systems at Lake Park High School in Roselle, Illinois.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question