

Achim Hoffmann and the o-Saft Project for Scanning SSL Connections
Jul 1, 2014
07:28
Achim Hoffmann is a researcher who has created a tool for listing information about a remote target's SSL certificate and testing the remote target against a given list of ciphers. This OWASP project, o-Saft, first gained notice when Jim Manico mentioned it on the OWASP email list. At AppSec Europe 2014, I was able to speak with Achim, along with Matt Tesauro, about the function of the tool and its uses.
About the Project
o-Saft is designed to be used by penetration testers, security auditors or server administrators. The idea is to show the important information or the special checks with a simple call of the tool. However, it provides a wide range of options so that experienced users can also run comprehensive and special checks.
O-Saft is a command-line tool, so it can be used offline and in closed environments. However, it can simply be turned into an online CGI-tool (please read documentation first).
About Achim Hoffmann
Co-author OWASP: Best Practices: Projektierung der Sicherheitsprüfung von Webanwendungen https://www.owasp.org/images/0/00/OWASP-Projektierung_der_Sicherheitspr%C3%BCfung_von_Webanwendungen_v101.de.pdf
Author of Sicherheit von Webanwendungen: BSI-Maßnahmenkatalog und Best Practices
http://www.bsi.de/literat/studien/websec/WebSec.pdf
Contributor to WASC Web Application Firewall Evaluation Criteria
http://www.webappsec.org/projects/wafec/
Co-Author OWASP: Best Practices: Web Application Firewalls
http://www.owasp.org/index.php/Best_Practices:_Web_Application_Firewalls
Reviewer/Contributor to WASC Threat Classification v1
German translation of the WASC Threat Classification v1
http://www.webappsec.org/projects/threat/
Reviewer/Contributor to WASC Threat Classification v2
http://projects.webappsec.org/Threat-Classification-Authors