SSlyze is a great open source tool for checking a website or servers SSL/TLS certificates. It checks the SSL/TLS configuration of a server by connecting to it in real time. It is designed to be fast and comprehensive, and should help organizations and testers identify mis-configurations affecting their servers.
|Security Stage||DAST (Dynamic Analysis)|
|1||You'll need a URL to scan|
Adding SSLyze to your set of dynamic security tests is simple. Your version configuration will be setup for dynamic testing.
To add the SSLyze security tool to a Toolkit:
Now any time you click 'Test Now' with that Toolkit, or make a request over the Uleska API or CLI with that Toolkit, the SSlyze tool will be included in the test run and any results added to your vulnerabilities list.
Currently, the SSlyze adaptor will run the standard set of SSL/TLS tests. Configuration for timeouts, client certificates, and other settings are not currently supported but will be included in a future release. This adaptor interprets known errors from the SSLyze tool and reports them as vulnerabilities.