High-Tech Bridge, a leading provider of web application security via its award-winning solution ImmuniWeb®, is pleased to announce a free online service designed to check SSL/TLS security of a web server. The service has received valuable technical input from reputable organizations worldwide including the Online Trust Alliance (OTA) and ITU.
The Secure Socket Layer, commonly known as SSL and currently being replaced by more secure TLS (Transport Layer Security), is one of the main pillars of modern Internet security, assuring confidentiality and data integrity of data of millions of users every minute. Many security standards, such as PCI DSS, pay particular attention to the correct implementation and secure configuration of the SSL. Heartbleed, POODLE, BEAST and CRIME are examples of attacks against SSL protocols family and its implementations that have made the headlines of prestigious media such as the BBC, CNN and CNBC.
A first for this type of tool, High-Tech Bridge’s free service performs four distinct tests :
- Test for compliance with NIST Guidelines;
- Test for compliance with PCI DSS Requirements;
- Test for the most recent SSL/TLS vulnerabilities and weaknesses;
- Test for unsecure third-party content that may expose user’s privacy.
The security verifications adhere to NIST “Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations” and PCI DSS 3.1 Requirement 4.1.
Additionally, the service thoroughly checks for more recent SSL flaws and weaknesses that are not yet covered by NIST or PCI DSS scope. The service also carefully inspects third-party content on the page that may potentially put user’s privacy at risk.
“The High-Tech Bridge SSL testing tool is proven invaluable to help identify site weaknesses and vulnerabilities for 1000s of site worldwide. As the service has developed, we are now using it to help power the OTA Online Trust Audit and the IoT Trust Framework. I recommend organizations of all sizes consider its use as part of their cyber defense tool kit,” comments Craig Spiezle, President and Executive Director, Online Trust Alliance.
Ilia Kolochenko, CEO of High-Tech Bridge, says: “Appropriate data encryption is becoming a vital part of our everyday life. Many security standards and federal laws require implementing strong data encryption to protect customers’ data. This is why at High-Tech Bridge we decided to launch a free service to enable anyone to test his or her server security in simple, fast and reliable manner. We are collaborating with many globally-recognized security organizations, such as OTA and ITU, to deliver the best quality of testing, and we are open to collaborate with the industry and individuals to continuously improve the service.”
About High-Tech Bridge
High-Tech Bridge is a leading provider of on-demand and continuous web application security testing via ImmuniWeb®. The service was recognized as the most complete web security offering by Frost & Sullivan at the beginning of 2015. Cybersecurity Ventures ranked High-Tech Bridge #37 in Cybersecurity 500 list among the most innovative cybersecurity companies. PwC and High-Tech Bridge have established a strategic partnership to provide PwC’s customers with cutting-edge web security testing via ImmuniWeb offering.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.