Content

Service Provider Security-Monitoring

The result of this project is the web app named SSL Audit Tool, which analyzes security aspects of the SSL connection to a service provider. First, the app lets a user specify a host name of an arbitrary service provider. Then, the app analyzes different aspects of the connection to this service provider, evaluates the results and reports them back to the user. The following aspects are subject of the analysis:

  • Supported cipher suites and their evaluation according to the PVP-SMA catalogue
  • Supported TLS protocol versions
  • Chain of trust of the service provider's TLS Certificate
  • Test, if service provider is vulnerable to common SSL vulnerabilities (e.g. Heart Bleed)
  • DNSSec and DANE configuration

In order to ease interpretation of the reported results, the tool uses an intuitive color scheme for hinting that certain aspects are properly secured (green) or need further investigation (red). The tool also puts the results into context by explaining why a result is problematic or satisfactory.

(Temporary) Link to SSL Audit Tool: https://vidp.gv.at/ssl/

Service Provider Security Monitoring Logo
Scroll forward