SSL (Secure Sockets Layer) enables encrypted communication between a web browser and a web server, and authenticates the identity of the website.
Many companies, in recent years, acquired SSL certificates to secure the communication between the client and the server and to prevent attackers from stealing and tampering with data, such as credit card information being exchanged. HTTP does not offer the same level of protection to the web traffic that HTTPS provides.
During scanning, Invicti identifies SSL configurations in use in the target web application and begins to list them. It also lists the protocols and ciphers that are supported by the target server. It is useful to know what the target web application supports, so you can harden the server's configuration.
Once the scan is completed, all SSL configurations in use are listed under the SSL node in the Knowledge Base. You can access the same information in the Knowledge Base Report and Knowledge Base Tab.
Invicti forms Knowledge Base nodes on its findings. If an SSL node is not listed, it means that Invicti did not find any configurations.
For further information, see Knowledge Base Nodes.
How to View the SSL Node in Invicti Enterprise
- Log in to Invicti Enterprise.
- From the main menu, click Scans, then Recent Scans. The Recent Scans window is displayed.
- Next to the relevant website, click Report.
- From the Technical Report section, click the Knowledge Base tab.
- Click the SSL node. The information is displayed in an SSL tab.
How to View the SSL Node in Invicti Standard
- Open Invicti Standard
- Start a Scan or open a previously saved scan.
- The Knowledge Base is displayed on the right of the Scan Summary Dashboard. (If it is hidden, display it again using the Knowledge Base icon on the View tab on the ribbon. Alternatively, click the Reset Layout icon on the View tab, then close the Activity/Progress/Logs panes to give maximum viewing space.)
- Ensure that the Knowledge Base Viewer is also displayed. (If it is hidden, you can display it again using the Knowledge Base Viewer button on the View tab. You may also want to close the Activity/Progress/Logs panes.)
- Click the SSL node in the Knowledge Base. All detected SSL information is displayed in the Knowledge Base Viewer.