High-Tech Bridge announced a free online service designed to check SSL/TLS security of a web server. It performs four distinct tests:
- Test for compliance with NIST Guidelines
- Test for compliance with PCI DSS Requirements
- Test for the most recent SSL/TLS vulnerabilities and weaknesses
- Test for insecure third-party content that may expose user’s privacy.
The security verifications rely on NIST “Guidelines for the Selection, Configuration, and Use of TLS Implementations” and PCI DSS 3.1 Requirement 4.1.
Additionally, the service thoroughly checks for more recent SSL flaws and weaknesses that are not yet covered by NIST or PCI DSS scope. The service also carefully inspects third-party content on the page that may potentially put user’s privacy at risk.
“The High-Tech Bridge SSL testing tool is proven invaluable to help identify site weaknesses and vulnerabilities for 1000’s of site worldwide. As the service has developed, we are now using it to help power the OTA Online Trust Audit and the IoT Trust Framework. I recommend organizations of all sizes consider its use as part of their cyber defense tool kit“ comments Craig Spiezle, President and Executive Director, Online Trust Alliance.
Ilia Kolochenko, CEO of High-Tech Bridge, says: “Appropriate data encryption is becoming a vital part of our everyday life. Many security standards and federal laws require implementing strong data encryption to protect customers’ data. This is why at High-Tech Bridge we decided to launch a free service to enable anyone to test his or her SSL server security in simple, fast and reliable manner. We are collaborating with many globally-recognized security organizations, such as OTA and ITU, to deliver the best quality of testing, and we are open to collaborate with the industry and individuals to continuously improve the service.”