[Owasp-board] [GPC] OWASP.org SSL/TLS scan

Seba seba at owasp.org
Tue May 31 08:51:48 UTC 2011


I am ok with this.
Understand that OWASP is running the web site as a wiki, not an online
banking web site.
The OWASP web site is not meant to be an example of a highly secured web site.

Just make sure you don't DoS us :-)

--Seba

On Mon, May 30, 2011 at 9:19 PM, Paulo Coimbra <pcoimbra at owasp.org> wrote:
> Board & GPC,
> As you can see below, Raul Siles, being carbon copied, is requesting
> authorization to target our website, run an SSL/TLS scan and publish the
> results.
> Dinis has already assumed a position of agreement but, since he has
> forwarded the question to me and Kate, I thought that consulting with you
> was also appropriate. Can we have your understanding on this matter please?
> Thanks,
> - Paulo
> Paulo Coimbra
> OWASP Project Manager
> From: Raul Siles <raul at taddong.com>
> Date: Fri, 27 May 2011 23:30:22 +0200
> To: Dinis Cruz <dinis.cruz at owasp.org>
> Cc: Kate Hartmann <kate.hartmann at owasp.org>, Paulo Coimbra
> <paulo.coimbra at owasp.org>
> Subject: Re: OWASP.org SSL/TLS scan
>
> FYI. This was the blog post, tool, and scan I referred to:
> http://blog.taddong.com/2011/05/tlssled-v10.html.
> ----
> Raul Siles
> Founder & Senior Security Analyst
> Taddong
> raul at taddong.com | +34-639109172 | www.taddong.com
>
>
> On May 27, 2011, at 4:15 PM, Raul Siles wrote:
>
> Thanks Dinis!
> ----
> Raul Siles
> Founder & Senior Security Analyst
> Taddong
> raul at taddong.com | +34-639109172 | www.taddong.com
> On May 27, 2011, at 11:03 AM, dinis cruz wrote:
>
> I don't think you need permission, but if you want one, Kate or Paulo
> (CCed) should be able to give you one
> Dinis Cruz
> On 27 May 2011, at 09:34, Raul Siles <raul at taddong.com> wrote:
>
> Hi Dinis,
> I hope to find you well... and sure busy ;)
> I plan to publish a blog post with a new tool/script to help people
> evaluate the security of their SSL/TLS (HTTPS) implementation. I
> plan to submit it to the OWASP Testing Guide too [0], and I would
> like to show an example of the script running on a target website,
> so I thought https://www.owasp.org would be a great target example.
> [0] https://www.owasp.org/index.php/Testing_for_SSL-TLS_%28OWASP-CM-001%29
> Who (within OWASP) should I ask for authorization to run the SSL/TLS
> scan (based on sslscan and openssl; no risk) and publish the results
> on the blog?
> Thanks!
> ----
> Raul Siles
> Founder & Senior Security Analyst
> Taddong
> raul at taddong.com | +34-639109172 | www.taddong.com