Achim Hoffmann is a researcher who has created a tool for listing information about remote target’s SSL certificate and testing the remote target against a given list of ciphers. This OWASP project, o-Saft, first gained notice when Jim Manico mentioned it on the OWASP email list. At AppSec Europe 2014, I was able to speak with Achim, along with Matt Tasauro, about the function of the tool and its uses.
About the Project
o-Saft is designed to be used by penetration testers, security auditors or server administrators. The idea is to show the important informations or the special checks with a simple call of the tool. However, it provides a wide range of options so that it can be used for comprehensive and special checks by experienced people.
O-Saft is a command-line tool, so it can be used offline and in closed environments. However, it can simply be turned into an online CGI-tool (please read documentation first).
About Achim Hoffmann
Co-Autor OWASP: Best Practices: Projektierung der Sicherheitsprüfung von Webanwendungen www.owasp.org/images/0/00/OWASP-…dungen_v101.de.pdf
Autor Sicherheit von Webanwendungen: BSI-Maßnahmenkatalog und Best Practices
Contributor to WASC Web Application Firewall Evaluation Criteria
Co-Author OWASP: Best Practices: Web Application Firewalls
Reviewer/Contributor to WASC Threat Classification v1
Deutsche Übersetzung der WASC Threat Classification v1
Reviewer/Contributor to WASC Threat Classification v2