[Owasp-board] [GPC] OWASP.org SSL/TLS scan

Eoin eoin.keary at owasp.org
Mon May 30 20:57:29 UTC 2011


sounds fine on condition hosting company are ok with it.
(or are we still self hosted?)

On 30 May 2011 20:25, Matt Tesauro <matt.tesauro at owasp.org> wrote:

> I have not problem with it.
>
> --
> -- Matt Tesauro
> OWASP Board Member
> OWASP WTE Project Lead
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
> http://AppSecLive.org - Community and Download site
>
>
> On Mon, May 30, 2011 at 2:19 PM, Paulo Coimbra <pcoimbra at owasp.org> wrote:
>
>> Board & GPC,
>>
>> As you can see below, Raul Siles, being carbon copied, is requesting
>> authorization to target our website, run a SSL/TLS scan and publish the
>> results.
>>
>> Dinis has already assumed a position of agreement but, since he has
>> forwarded the question to me and Kate, I thought that consulting with you
>> was also appropriate. Can we have your understanding on this matter please?
>>
>> Thanks,
>>
>> - Paulo
>>
>> Paulo Coimbra
>> OWASP Project Manager<https://www.owasp.org/index.php/User:Paulo_Coimbra>
>>
>> From: Raul Siles <raul at taddong.com>
>> Date: Fri, 27 May 2011 23:30:22 +0200
>> To: Dinis Cruz <dinis.cruz at owasp.org>
>> Cc: Kate Hartmann <kate.hartmann at owasp.org>, Paulo Coimbra <
>> paulo.coimbra at owasp.org>
>> Subject: Re: OWASP.org SSL/TLS scan
>>
>> FYI. This was the blog post, tool, and scan I referred to:
>> http://blog.taddong.com/2011/05/tlssled-v10.html.
>> ----
>> Raul Siles
>> Founder & Senior Security Analyst
>> Taddong
>> raul at taddong.com | +34-639109172 | www.taddong.com
>>
>>
>>
>> On May 27, 2011, at 4:15 PM, Raul Siles wrote:
>>
>> Thanks Dinis!
>>  ----
>> Raul Siles
>> Founder & Senior Security Analyst
>> Taddong
>> raul at taddong.com | +34-639109172 | www.taddong.com
>>   On May 27, 2011, at 11:03 AM, dinis cruz wrote:
>>
>> I don't think you need permission, but if you want one, Kate or Paulo
>>  (CCed) should be able to give you one
>>  Dinis Cruz
>>  On 27 May 2011, at 09:34, Raul Siles <raul at taddong.com> wrote:
>>
>> Hi Dinis,
>> I hope to find you well... and sure busy ;)
>>  I plan to publish a blog post with a new tool/script to help people
>>  evaluate the security of their SSL/TLS (HTTPS) implementation. I
>> plan to submit it to the OWASP Testing Guide too [0], and I would
>> like to show an example of the script running on a target website,
>>  so I thought https://www.owasp.org would be a great target example.
>>  [0]
>> https://www.owasp.org/index.php/Testing_for_SSL-TLS_%28OWASP-CM-001%29
>>  Who (within OWASP) should I ask for authorization to run the SSL/TLS
>> scan (based on sslscan and openssl; no risk) and publish the results
>> on the blog?
>>  Thanks!
>>  ----
>> Raul Siles
>> Founder & Senior Security Analyst
>> Taddong
>> raul at taddong.com | +34-639109172 | www.taddong.com
>>
>>
>>
>>
>> _______________________________________________
>> Global-projects-committee mailing list
>> Global-projects-committee at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/global-projects-committee
>>
>>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>


-- 
Eoin Keary
OWASP Global Board Member
OWASP Code Review Guide Lead Author

Sent from my i-Transmogrifier
http://asg.ie/
https://twitter.com/EoinKearyfine
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20110530/b8ca9735/attachment-0002.html>


More information about the Owasp-board mailing list