[Owasp-testing] New tool for OWASP-CM-001

rick.mitchell at bell.ca rick.mitchell at bell.ca
Fri May 27 08:15:59 EDT 2011

Hi Raul, OWASP is an open project. Feel free to sign-up for the wiki (https://www.owasp.org/index.php/Special:RequestAccount) and make edits/additions yourself. You should also join the mailing list(s) so that you're in the loop on the latest happenings (https://lists.owasp.org/mailman/listinfo). You should also know that things are ramping up to start work on version 4 of the Testing Guide so you should consider editing/adding content for that release.

If you're trying to get info out about your new tool your best bet is likely to post an announcement to the testing list (https://lists.owasp.org/mailman/listinfo/owasp-testing) and host the tool on sourceforge, googlecode, assembla, github, etc so that people can easily submit bugs/tickets and enhancement requests, get documentation and support, and find the latest version.

Looking at the page you mentioned I don't actually see any reference to ssl_check.sh, maybe you meant ssl_test.sh. Anyway I'm not sure how others feel but at this point I don't think we (or you) should remove any content (or tool references/examples) from v3, if you want to add in alternative checks using your tool that's probably best (in my opinion). 


-----Original Message-----
From: Raul Siles [mailto:raul at taddong.com] 
Sent: May 27, 2011 4:42 AM
To: Mitchell, Rick (6030318)
Subject: New tool for OWASP-CM-001

Hi Rick,
I've seen your reference on the OWASP Testing Guide for the SSL/TLS section [0], where ssl_check.sh is mentioned.

[0] https://www.owasp.org/index.php/Testing_for_SSL-TLS_%28OWASP-CM-001%29

I plan to publish a tool replacement for ssl_check.sh with some additions, so, who should I send the information about the new tool so that (if OWASP finds it useful) gets posted in [0]?

Raul Siles
Founder & Senior Security Analyst
raul at taddong.com | +34-639109172 | www.taddong.com

More information about the Owasp-testing mailing list