Google announces a new security tool that help developers to detect security bugs in their applications.
The Android Security Team has made a new tool,know as "Nogotofail",that provides an easy way to confirm that device that you are using are safe against TLS/SSL vulnerabilities.Recently Google security researchers discovered a new bug in SSL 3.0 which was dubbed as "POODLE".
The open source tool is available on Githubso that anybody can use this tool to check their applications,contribute new features..This tool works on almost every device running on Android,iOS,Linux,Windows,Chrome OS,OS X,in fact any device you use to connect to the Internet.
"Google is committed to increasing the use of TLS/SSL in all applications and services.But HTTPS everywhere is not enough: it also need to be used correctly.Most platforms and devices have secure defaults,but some applications and libraries override the defaults for the worse,and in some instances we've seen platforms make mistakes as well.As application get more complex,connect to more services,and use more third party libraries,it become easier to introduce these type of mistakes.",said Chad Brubaker (Android Security Engineer).
Chad also says that it is using this tool internally for some time and have worked with many web developer to improve the security of their apps.
Nogotofail tool require Python 2.7 and pyOpenSSL>=0.13.Nogotofail tool is composed of an on-path network Man in The Middle (MiTM) and optional clients for the devices being tested.
Post a Comment