Seccubus v2.36 - TestSSL release29 June 2017
We just released a new Seccubus version, you can download it here
29-6-2017 - v2.36 - TestSSL.sh release
This release has been in the making for a long time. In fact the first pull request for it’s main feature was back in June 2016 by our friend and then colleague Glenn ten Cate.
This release marks the integration of Dirk Wetter’s excellent tool testssl.sh into Seccubus. With testssl.sh you can get a detailed overview of how well your TLS enabled service is set up. Not just for websites, but for any TCP service, even those that use STARTTLS.
In addition we introduced the –cdn switch for ssllabs, to reduce noise for CDN enabled sites, we the ability to dynamically create users via JIT provisionsing and we added CSRF protection for enhanced security.
To boost future code quality, Perl::Critic testing has been integrated in the unit testing process.
Besides that we squased some bugs, five of which got introduced in the previous release :(
- #302 - Testssl.sh support for Seccubus
- #401 - JIT provisioning of users
- #442 - Add –cdn option to ssllabs
- Perl Critic is now part of unit testing. All critique was handled
- #132 - We have CSRF protection now. Non-get requests should have content-type application/json.
- #461 - Update button on finding edit screen isn’t working properly
- #474 - Some typo/style fixes by Jericho (attrition.org)
- #478 - Conralive should check if cron isn’t ignored
- #480 - Editing/showing notifications broken
- #483 - add_user broken
- #484 - Failure to update 1+n scan configuration in Manage Scans (And all other update funtions)