[Owasp-board] [GPC] OWASP.org SSL/TLS scan

Matt Tesauro matt.tesauro at owasp.org
Mon May 30 19:25:36 UTC 2011


I have not problem with it.

--
-- Matt Tesauro
OWASP Board Member
OWASP WTE Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site


On Mon, May 30, 2011 at 2:19 PM, Paulo Coimbra <pcoimbra at owasp.org> wrote:

> Board & GPC,
>
> As you can see below, Raul Siles, being carbon copied, is requesting
> authorization to target our website, run a SSL/TLS scan and publish the
> results.
>
> Dinis has already assumed a position of agreement but, since he has
> forwarded the question to me and Kate, I thought that consulting with you
> was also appropriate. Can we have your understanding on this matter please?
>
> Thanks,
>
> - Paulo
>
> Paulo Coimbra
> OWASP Project Manager <https://www.owasp.org/index.php/User:Paulo_Coimbra>
>
> From: Raul Siles <raul at taddong.com>
> Date: Fri, 27 May 2011 23:30:22 +0200
> To: Dinis Cruz <dinis.cruz at owasp.org>
> Cc: Kate Hartmann <kate.hartmann at owasp.org>, Paulo Coimbra <
> paulo.coimbra at owasp.org>
> Subject: Re: OWASP.org SSL/TLS scan
>
> FYI. This was the blog post, tool, and scan I referred to:
> http://blog.taddong.com/2011/05/tlssled-v10.html.
> ----
> Raul Siles
> Founder & Senior Security Analyst
> Taddong
> raul at taddong.com | +34-639109172 | www.taddong.com
>
>
>
> On May 27, 2011, at 4:15 PM, Raul Siles wrote:
>
> Thanks Dinis!
> ----
> Raul Siles
> Founder & Senior Security Analyst
> Taddong
> raul at taddong.com | +34-639109172 | www.taddong.com
>   On May 27, 2011, at 11:03 AM, dinis cruz wrote:
>
> I don't think you need permission, but if you want one, Kate or Paulo
> (CCed) should be able to give you one
>  Dinis Cruz
>  On 27 May 2011, at 09:34, Raul Siles <raul at taddong.com> wrote:
>
> Hi Dinis,
> I hope to find you well... and sure busy ;)
>  I plan to publish a blog post with a new tool/script to help people
> evaluate the security of their SSL/TLS (HTTPS) implementation. I
> plan to submit it to the OWASP Testing Guide too [0], and I would
> like to show an example of the script running on a target website,
> so I thought https://www.owasp.org would be a great target example.
>  [0]
> https://www.owasp.org/index.php/Testing_for_SSL-TLS_%28OWASP-CM-001%29
>  Who (within OWASP) should I ask for authorization to run the SSL/TLS
> scan (based on sslscan and openssl; no risk) and publish the results
> on the blog?
>  Thanks!
> ----
> Raul Siles
> Founder & Senior Security Analyst
> Taddong
> raul at taddong.com | +34-639109172 | www.taddong.com
>
>
>
>
> _______________________________________________
> Global-projects-committee mailing list
> Global-projects-committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global-projects-committee
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20110530/1a18b2cc/attachment-0002.html>


More information about the Owasp-board mailing list