Open‑Source Tools for Security Checks
Use multiple tools; each sees different issues.
CLI scanners
- testssl.sh: in-depth TLS/SSL configuration scan (protocols, ciphers, known weaknesses).
- sslscan/sslyze: protocol and cipher suite analysis.
- nmap NSE scripts (ssl-enum-ciphers for cipher enumeration, http-security-headers for response headers).
Header/CSP helpers
- Mozilla Observatory (scanner plus remediation guidance for headers and CSP).
- OWASP Dependency-Check (dependency/SCA scanning) and ZAP (web application scanning) for broader testing.
Workflow
- Automate scans in CI; fail on regressions.
- Keep a baseline and track changes after deploys.
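A baseline comparison of the kind described above, as an added example that is not from the page: it assumes scan results are a JSON array of findings with id/severity/finding keys, the shape testssl.sh's --jsonfile option writes (an assumption about that format), and exits non-zero only when a finding got worse than the stored baseline or a new finding appears at a failing severity.

```python
"""Baseline regression gate for scan output (added example, not from the page).
Assumes a scan is a JSON array of findings shaped like testssl.sh's --jsonfile
output, i.e. objects with "id", "severity" and "finding" keys (an assumption)."""
import json
import sys
SEVERITY_RANK = {"INFO": 0, "OK": 0, "WARN": 1, "LOW": 2,   # ordered severities
                 "MEDIUM": 3, "HIGH": 4, "CRITICAL": 5}
FAIL_AT = SEVERITY_RANK["LOW"]  # anything below this never fails the build


def index_findings(findings):
    """Map finding id -> worst severity rank recorded for that id."""
    worst = {}
    for f in findings:
        rank = SEVERITY_RANK.get(str(f.get("severity", "INFO")).upper(), 0)
        worst[f["id"]] = max(rank, worst.get(f["id"], 0))
    return worst


def regressions(baseline, current):
    """(id, old_rank, new_rank) for findings worse than baseline; improvements ignored."""
    base, cur = index_findings(baseline), index_findings(current)
    return sorted((fid, base.get(fid, 0), rank) for fid, rank in cur.items()
                  if rank > base.get(fid, 0) and rank >= FAIL_AT)


# Constructed sample scans (not real scanner output).
BASELINE = [
    {"id": "TLS1", "severity": "LOW", "finding": "offered (deprecated)"},
    {"id": "SSLv3", "severity": "OK", "finding": "not offered"},
    {"id": "HSTS", "severity": "OK", "finding": "365 days"},
]
CURRENT = [
    {"id": "TLS1", "severity": "LOW", "finding": "offered (deprecated)"},  # known, unchanged
    {"id": "SSLv3", "severity": "HIGH", "finding": "offered (NOT ok)"},    # regression
    {"id": "HSTS", "severity": "MEDIUM", "finding": "not offered"},        # regression
    {"id": "RC4", "severity": "HIGH", "finding": "RC4 ciphers offered"},   # new and failing
    {"id": "BREACH", "severity": "INFO", "finding": "no gzip/deflate"},    # new, non-failing
]


def gate(baseline, current):
    """CI entry point: print each regression and return the process exit status."""
    bad = regressions(baseline, current)
    names = {v: k for k, v in SEVERITY_RANK.items()}
    for fid, old, new in bad:
        print(f"REGRESSION {fid}: {names[old]} -> {names[new]}")
    return 1 if bad else 0


if __name__ == "__main__":  # usage: gate.py baseline.json current.json
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as b, open(sys.argv[2]) as c:
            sys.exit(gate(json.load(b), json.load(c)))
    sys.exit(gate(BASELINE, CURRENT))
```

Commit the baseline file alongside the pipeline and regenerate it deliberately after an accepted change, so the gate tracks intended deploys rather than silently absorbing drift.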