[Owasp-infrastructure] [Owasp-board] [GPC] OWASP.org SSL/TLS scan

Laurence Casey larry.casey at aspectsecurity.com
Tue May 31 09:50:57 EDT 2011


I don't see any problem with it either.

 

--Larry

 

From: owasp-infrastructure-bounces at lists.owasp.org
[mailto:owasp-infrastructure-bounces at lists.owasp.org] On Behalf Of Jason
Li
Sent: Monday, May 30, 2011 3:39 PM
To: Paulo Coimbra; Laurence Casey
Cc: Raul Siles; Dinis Cruz; Kate Hartmann;
owasp-infrastructure at lists.owasp.org; owasp-board at lists.owasp.org; GPC
Subject: Re: [Owasp-infrastructure] [Owasp-board] [GPC] OWASP.org
SSL/TLS scan

 

All,

 

The scan Raul is suggesting sounds non-intrusive, non-destructive, and
non-load bearing. I personally don't see any issues with such a scan and
Matt has already given his assent.

 

For future reference though, I don't believe the GPC is the appropriate
party to give consent regarding scans against the OWASP website.

 

-Jason



On Mon, May 30, 2011 at 3:25 PM, Matt Tesauro <matt.tesauro at owasp.org>
wrote:

I have no problem with it.


--
-- Matt Tesauro
OWASP Board Member
OWASP WTE Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site



On Mon, May 30, 2011 at 2:19 PM, Paulo Coimbra <pcoimbra at owasp.org>
wrote:

	Board & GPC, 

	 

	As you can see below, Raul Siles, being carbon copied, is requesting authorization to target our website, run an SSL/TLS scan and publish the results.

	Dinis has already assumed a position of agreement but, since he has forwarded the question to me and Kate, I thought that consulting with you was also appropriate. Can we have your understanding on this matter please?

	 

	Thanks,

	 

	- Paulo

	 

	Paulo Coimbra

	OWASP Project Manager
<https://www.owasp.org/index.php/User:Paulo_Coimbra> 

	 

	From: Raul Siles <raul at taddong.com>
	Date: Fri, 27 May 2011 23:30:22 +0200
	To: Dinis Cruz <dinis.cruz at owasp.org>
	Cc: Kate Hartmann <kate.hartmann at owasp.org>, Paulo Coimbra
<paulo.coimbra at owasp.org>
	Subject: Re: OWASP.org SSL/TLS scan

	 

	FYI. This was the blog post, tool, and scan I referred to:
http://blog.taddong.com/2011/05/tlssled-v10.html.

	----

	Raul Siles

	Founder & Senior Security Analyst

	Taddong

	raul at taddong.com | +34-639109172 | www.taddong.com

	 

	 

	 

	On May 27, 2011, at 4:15 PM, Raul Siles wrote:

	 

		Thanks Dinis!

		----

		Raul Siles

		Founder & Senior Security Analyst

		Taddong

		raul at taddong.com | +34-639109172 | www.taddong.com

		On May 27, 2011, at 11:03 AM, dinis cruz wrote:

			I don't think you need permission, but if you want one, Kate or Paulo (CCed) should be able to give you one

			Dinis Cruz

			On 27 May 2011, at 09:34, Raul Siles
<raul at taddong.com> wrote:

				Hi Dinis,

				I hope to find you well... and sure busy ;)

				I plan to publish a blog post with a new tool/script to help people evaluate the security of their SSL/TLS (HTTPS) implementation. I plan to submit it to the OWASP Testing Guide too [0], and I would like to show an example of the script running on a target website, so I thought https://www.owasp.org would be a great target example.

				[0] https://www.owasp.org/index.php/Testing_for_SSL-TLS_%28OWASP-CM-001%29

				Who (within OWASP) should I ask for authorization to run the SSL/TLS scan (based on sslscan and openssl; no risk) and publish the results on the blog?

				Thanks!

				----

				Raul Siles

				Founder & Senior Security Analyst

				Taddong

				raul at taddong.com | +34-639109172 | www.taddong.com

	 

	 

	 
