Slashdot Mirror


Ivan Ristic and SSL Labs: How One Man Changed the Way We Understand SSL

An anonymous reader writes: Ivan Ristic is well-known in the information security world, and his name has become almost a synonym for SSL Labs, a project he started in early 2009. Before that, he was mostly known for his work with OWASP and the development of the wildly popular open source web application firewall ModSecurity. While SSL Labs was something Ristic worked on in his spare time, over time it became his main focus. In fact, over the years, the project incorporated a great number of checks that are impossible to perform manually. It's a game changer because, to assess your TLS configuration, you don't need to be an expert. Read the story about the project's evolution on Help Net Security.

5 of 25 comments

  1. Re:Bulletproof SSL and TLS, get it, read it, live by beernutz · Score: 4, Informative

    Do you mean that you can't recommend it ENOUGH? I know these kinds of corrections can seem pedantic, but the omission of a word in this case completely changes the meaning.

    --
    (stolen from DaBum) I am dyslexia of borg - your ass will be laminated.
  2. Re:Several big websites get poor grades by watermark · Score: 4, Informative

    IE6 and some other older OSes don't support the new stuff (tm). The very fact that they even support the old stuff (tm) gives them a lower rating. They are a company that profits on Everyone being able to access the site, which, unfortunately, somewhat compromises the security of everyone else.

  3. Re: Bulletproof SSL and TLS, get it, read it, live by arglebargle_xiv · Score: 2

    A kiwi is a creature that eats roots and leaves.

  4. Re:Bulletproof SSL and TLS, get it, read it, live by Jack Griffin · Score: 2

    Shhh... don't tell anyone about SSL Labs. I know next to nothing about security but am now the security expert thanks to this site.
    I can test a site, come back and throw around some security jargon about why the site isn't secure, "Oh your cipher suites appear to be incompatible, and your hashing algorithm is out of date" and customers throw money at me to fix it.
    I don't even know what half of that stuff means, but if more people know about it, I'll be forced to find real work...

  5. Re:Bulletproof SSL and TLS, get it, read it, live by grep -v '.*' * · Score: 2

    I agree. And punctuation can be somewhat important as well. For example:

    Let's eat, grandma.
    Let's eat grandma.

    --
    If the universe is someone's simulation -- does that mean the stars are just stuck pixels?