The purpose of this post is to share my experience with running NetScaler CPX from a Docker image. Our objective is to implement a NetScaler CPX test/development platform as a Docker container-based app. In this post we will look into installing and configuring Docker, NetScaler CPX and DVWA […]
Year: 2017
Scan and Analyze TLS/SSL with CipherScan
A simple method to figure out which SSL/TLS cipher suites are supported by a target, and how these are prioritized. CipherScan can help verify that your server has a good SSL/TLS configuration.
./cipherscan.py test.site.com
./analyze.py -t test.site.com
Download: https://github.com/mozilla/cipherscan
Install: git clone https://github.com/mozilla/cipherscan.git
Pre-reqs: Python […]
Running NetScaler VPX in Oracle VirtualBox
I finally found it possible to use NetScaler VPX in VirtualBox. Keep in mind that running NetScaler in VirtualBox is NOT supported; use it for test purposes only. Tested with Oracle VirtualBox 5.1.25 and NetScaler VPX 11.1 + 12.0 build 51.24. How To Deploy NSVPX in VirtualBox: Download NS VPX for […]
Load Testing HTTP with Locust
In this blog post I will share some examples of basic load testing against web services. I will describe a few examples which can easily be configured to match additional needs and requirements. Locust is an open source load testing tool; it is fairly simple to set up and run basic […]
Native OTP and MFA in Citrix NetScaler 12
Finally, NetScaler 12.0 build 51.24 was released July 20 – 2017 and introduces two great new features among other things:
Native OTP (OneTimePassword) via nFactor
Secure Web Gateway (will be covered in a later post)
I am very excited to follow development on these two features. This post is focusing […]
Analyzing and Testing Web Application Security based on OWASP Top 10 – SQLi and XSS
Introduction: This post describes some methods and techniques that we can use to verify and analyze security in a web application by assessing the SSL and HTTP traffic. We will focus on how to verify SSL protocols and ciphers, HTTP response headers, and scanning for SQLi and XSS vulnerabilities. These methods […]
Single Sign On (SSO) to ADFS enabled Website from XenMobile SecureWeb
From ADFS 3.0 on Windows Server 2012 R2, a PowerShell property defines which User Agents (browsers) are supported for 401 Windows Integrated Authentication instead of Form Based Authentication. So in order to ensure that we can support SSO from XenMobile SecureWeb, we can change that property on ADFS (Option […]
Protect and Secure your Web Application with NetScaler Application Firewall (WAF) – Part 1
In the first part of this post I provide some information and guidelines on how to implement Citrix NetScaler Application Firewall in front of your web application. In the second part, coming up, we will look into the Security Insight of NMAS (NetScaler Management and Analytics Services) how this provide […]
Optimizing SSL Security and Performance with OCSP and NetScaler
This post is about OCSP, NetScaler and SSL/TLS, how we could benefit from it and how we implement it on NetScaler. Intro: Online Certificate Status Protocol (OCSP) is an alternative/replacement to the Certificate Revocation List (CRL) and is also a method to validate the status of a certificate. The CRL […]
Configuring XenMobile Secure Web and HTTP Web Proxy
A common scenario and requirement is to use an HTTP Web Proxy gateway (BlueCoat, IronPort etc.) for outbound traffic to the Internet from XenMobile Secure Web, securing and inspecting URL traffic etc. Once again we use our lovely NetScaler to meet the objectives. This post describes the implementation steps […]