Cryptosense Discovery is our free tool to test a host’s usage of cryptography for common configuration mistakes and vulnerabilities. Discovery’s new version discovers more hosts and more vulnerabilities, and improves the visual representation of attacks. We achieve this by using a visualization method called attack trees. Attack trees do not simply report scores: they explain why a host is vulnerable and what the user must fix first. This greatly eases the hard job of correctly configuring TLS servers — especially at scale, when prioritizing tasks is not always trivial.
A broader attack surface
The complex structure of the modern web has lead to the success of attacks such as DROWN and ROBOT. These attacks rely on bugs and misconfigurations of web servers and allow attackers to decrypt HTTPS traffic and even impersonate trusted entities.. For instance, a perfectly configured host may be compromisable because of a vulnerable host that shares some information with it. Discovery’s new version checks for these subtle vulnerable relationships by making inferences on information from many different hosts.
Discovering and testing more hosts
Finding a greater number of related hosts allows us to analyze previously unexplored areas of the main host’s attack surface. Whenever a website includes elements from external sources, it exposes itself to possible vulnerabilities present on these hosts. For instance, if the main host and a host vulnerable to DROWN share the same certificate, the main host would be exploitable because of the vulnerable one. It is thus fundamental to not only check single hosts, but also the many interconnections between them.
Understanding and visualizing attacks
To better understand complex attacks we implemented a well-known visualization technique called attack trees. Attack trees combine information on hosts to form intuitive, high-level representations of complex attacks.
Attack trees break known attacks down into simpler and simpler conditions regarding both the main host and its related ones. These conditions are easy to evaluate and understand: the user can thus clearly see what he has to fix. This allows users to prioritize urgent fixes to be done and to avoid the risk of being vulnerable because of some related host that does not appear on standard analysis tools.
Why not try your domain.