High-Tech Bridge launches free PCI and NIST compliant SSL testOctober 21, 2015
High-Tech Bridge is pleased to announce availability of its new online service to test SSL/TLS server security and configuration for compliance with NIST and PCI DSS.
High-Tech Bridge, a leading provider of web application security via its award-winning solution ImmuniWeb®, is pleased to announce a free online service designed to check SSL/TLS security of a web server. The service has received valuable input from reputable organizations worldwide including the Online Trust Alliance (OTA) and ITU.
The Secure Socket Layer, commonly known as SSL and currently being replaced by more secure TLS (Transport Layer Security), is one of the main pillars of modern Internet security, assuring confidentiality and data integrity of millions of users every minute. Many security standards, such as PCI DSS, pay particular attention to the correct implementation and secure configuration of the SSL. Great variety of attacks against SSL protocols family and their implementations exist today, including Heartbleed, POODLE, BEAST and CRIME that made media headlines recently.
Differently from others, High-Tech Bridge’s free service performs four distinct tests:
- Test for compliance with NIST Guidelines;
- Test for compliance with PCI DSS Requirements;
- Test for the most recent SSL/TLS vulnerabilities and weaknesses;
- Test for insecure third-party content that may expose user’s privacy.
The security verifications rely on NIST “Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations” and PCI DSS 3.1 Requirement 4.1.
Additionally, the service thoroughly checks for more recent SSL flaws and weaknesses that are not yet covered by NIST or PCI DSS scope. The service also carefully inspects third-party content on the page that may potentially put user’s privacy at risk.
"The High-Tech Bridge SSL testing tool is proven invaluable to help identify site weaknesses and vulnerabilities for 1000's of site worldwide. As the service has developed, we are now using it to help power the OTA Online Trust Audit and the IoT Trust Framework. I recommend organizations of all sizes consider its use as part of their cyber defense tool kit“ comments Craig Spiezle, President and Executive Director, Online Trust Alliance.
Ilia Kolochenko, CEO of High-Tech Bridge, says: “Appropriate data encryption is becoming a vital part of our everyday life. Many security standards and federal laws require implementing strong data encryption to protect customers’ data. This is why at High-Tech Bridge we decided to launch a free service to enable anyone to test his or her SSL server security in simple, fast and reliable manner. We are collaborating with many globally-recognized security organizations, such as OTA and ITU, to deliver the best quality of testing, and we are open to collaborate with the industry and individuals to continuously improve the service.”