Encryption is the first line of defense for data accessed through publicly accessible web applications. That’s why it’s so important to validate that your public web applications are configured as securely as possible when it comes to SSL and TLS.
The good news is that Qualys SSL Labs offers a free, easy to use web-based tool that tests public web servers for SSL, TLS and PKI configuration issues. The service has been around since 2009 and continues to quickly incorporate checks for known vulnerabilities like Heartbleed. Chances are that your customers are using similar tools to perform non-intrusive checks against your sites.
The scan results include a numerical score and a letter grade that indicates the strength of the SSL implementation. Ongoing testing can be automated by using the SSL Labs APIs which expose the complete server testing functionality.
While this won’t replace the need to perform more in-depth testing like vulnerability scanning and penetration testing, it provides a starting point to build on. Security is an iterative process that matures over time with deliberate practice and effort.
Reference Links:
SSL Server Test –> https://www.ssllabs.com/ssltest/
SSL Labs APIs –> https://www.ssllabs.com/projects/ssllabs-apis/
