Web Application Penetration Testing
TLSv1.1 offered (ok)
TLSv1.2 offered (ok)
SPDY/NPN not offered
--> Testing standard cipher lists
Null Cipher NOT offered (ok)
Anonymous NULL Cipher NOT offered (ok)
Anonymous DH Cipher NOT offered (ok)
40 Bit encryption NOT offered (ok)
56 Bit encryption NOT offered (ok)
Export Cipher (general) NOT offered (ok)
Low ( Testing server defaults (Server Hello)
Negotiated protocol TLSv1.2
Negotiated cipher AES128-GCM-SHA256
Server key size 2048 bit
TLS server extensions: server name, renegotiation info, session ticket, heartbeat
Session Tickets RFC 5077 300 seconds
--> Testing specific vulnerabilities
Heartbleed (CVE-2014-0160), experimental NOT vulnerable (ok)
Renegotiation (CVE 2009-3555) NOT vulnerable (ok)
CRIME, TLS (CVE-2012-4929) NOT vulnerable (ok)
--> Checking RC4 Ciphers
RC4 seems generally available. Now testing specific ciphers...
Hexcode  Cipher Name  KeyExch.  Encryption  Bits
--------------------------------------------------------------------
[0x05]   RC4-SHA      RSA       RC4         128
RC4 is kind of broken, for e.g. IE6 consider 0x13 or 0x0a
--> Testing HTTP Header response
HSTS no
Server Apache
Application (None)
--> Testing (Perfect) Forward Secrecy (P)FS)
no PFS available
Done now (2014-04-17 15:07) ---> owasp.org:443