Foundstone Offers Free Tool to Assess eCommerce Web Site Encryption Quality
SSLDigger Identifies Web Site Weaknesses to Help Prevent Attacks
MISSION VIEJO, Calif.--(BUSINESS WIRE)--July 29, 2004--Foundstone Inc., experts in strategic security, today announced the availability of Foundstone SSLDigger(TM), a free tool that tests and rates the use of SSL (Secure Sockets Layer) ciphers on an organization's Web site. By using SSLDigger, eCommerce companies can automatically identify weaknesses in their Web site data encryption and work to correct those weaknesses, minimizing their vulnerability to malicious Web assaults.
While most Web-dependent organizations use SSL, many mistakenly believe their Web applications and data are more secure than they really are. Not all SSL ciphers protect data equally and many IT organizations have not improved their SSL quality despite the availability of higher standards. SSLDigger automatically tests for 26 SSL ciphers, classifying them into four security categories between None and Excellent. It then provides an overall grade for the Web site's encryption. Previously, companies performed SSL testing manually, if at all.
SSLDigger helps users ensure compliance with regulatory and industry encryption standards, including HIPAA and VISA's Cardholder Information Security Program (CISP). It also provides limited support for Server Gated Cryptography (SGC), which is particularly useful for financial services institutions with customers across the globe. This support provides additional information to the user while interpreting the results and letter grade.
Dave Wong, director of application security for Morgan Stanley, described SSLDigger as "another fantastic free tool from Foundstone." He continued: "Most people assume their Web site is secure because they are using SSL. Using SSLDigger, we can check that Web servers are properly configured to use strong encryption. SSLDigger can identify SGC certificates, used by financial institutions worldwide. Other tools incorrectly identify SGC certificates as export grade."
SSLDigger is one of many free tools available through Foundstone's S3i(TM) service line. S3i (Strategic Secure Software Initiative) helps Foundstone clients define, design, develop, deploy and maintain reliable and secure software. By understanding and managing inherent risk and measurably improving the software development life cycle, Foundstone helps its clients reduce development costs and improve performance. To find out more about S3i and to download the free SSLDigger tool and white paper, visit www.foundstone.com/s3i.
"Foundstone's clients include many of the highest profile organizations in the world for whom secure data is mission critical," said Mark Curphey, director of consulting for Foundstone and founder of OWASP. "SSLDigger is one of many tools in our extensive arsenal that helps identify security weaknesses quickly and efficiently."
Foundstone's award-winning Enterprise Risk Solutions(TM) software helps organizations comprehensively discover, inventory, prioritize and remediate all assets on a global network. The suite provides exceptionally accurate, high-speed vulnerability assessment of all network assets, intuitive reports and metrics, and a tightly integrated threat correlation module which correlates critical threats with prioritized assets so security and network operations can focus on the assets that matter the most.
About Foundstone
Foundstone(R) Inc., experts in strategic security, offers a unique combination of software, services and education to help organizations continuously and measurably protect the most important assets from the most critical threats. Through a strategic approach to security, Foundstone identifies and implements the right balance of technology, people and process to manage digital risk and leverage security investments more effectively. The company has one of the most dominant security talent pools ever assembled, and has authored twenty books, including the best-seller "Hacking Exposed." Foundstone customers include six of the top 11 Fortune companies and many U.S. government agencies. The company is headquartered in Orange County, Calif., and has offices in San Antonio, New York, Washington, D.C. and Singapore. For more information about Foundstone, visit www.foundstone.com, or call 877-91-FOUND within the U.S., and 949-297-5600 outside the U.S.
Note to Editors: Foundstone is a registered trademark of Foundstone Inc. All other companies, brand names or products are trademarks or registered trademarks of their respective companies.
Contacts
Foundstone Inc.
Colleen Edwards, 949-297-5609
colleen.edwards@foundstone.com