[Android Pro] Network traffic Security Test tool Nogotofail

Source: Internet
Author: User
Tags ssl certificate

Reference to:http://www.freebuf.com/tools/50324.html

From serious Heartbleed vulnerabilities to Apple's gotofail vulnerabilities, to the recent SSL V3 poodle vulnerabilities ... We have seen the huge disaster caused by the vulnerability of network traffic. So "valley Man" came! Google has recently developed a tool,--nogotofail, that can help developers detect security breaches in network traffic classes.

Keep all networked devices protected from TLS and SSL encryption vulnerabilities

Android security engineer Chad Brubaker says the ultimate goal of the development nogotofail is to protect all networked devices and applications from TLS and SSL encryption vulnerabilities.

Nogotofail detection includes general SSL certificate validation issues, HTTPS and SSL/TLS library vulnerabilities and misconfiguration issues, SSL and STARTTLS Detachment (stripping) issues, plaintext traffic issues, and more.

Brubaker wrote in his blog:

Google is working to get all applications and servers to use TLS/SSL, but there is no way to make https popular. At the same time, HTTPS needs to be used correctly. For example, many platforms and devices now have security defaults, but when the application becomes more complex, it connects to more servers and uses more third-party libraries ... It is easy to have security problems.

Nogotofail is co-developed by Android engineer Chad Brubaker, Alex Klyubin and Geremy Condra for Android, IOS, Linux, Windows, Chrome OS, OSX, and any networked device.

Google also said that the Nogotofail tool has been used within Google for some time ...

Nogotofail requires Python 2.7 and Pyopenssl 0.13 or later. The tool is now available in gitub and can be used by everyone, and it is hoped that many suggestions and additions will be made to make the Internet more secure.

Https://github.com/google/nogotofail

[Android Pro] Network traffic Security Test tool Nogotofail

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.