During the writing of this book, something pretty crazy happened. A vulnerability in OpenSSL was disclosed to the community, and the Internet was proven to have a great deal of sites vulnerable. When I say, "a great deal", I mean roughly 66 percent. That's a lot of patching needed.
The vulnerability was dubbed Heartbleed and was found to be really easy to exploit. I mean really easy. Despite its ease of exploitation, it's a great example of an SSL solution vulnerability with a memory read exploit. This makes it an excellent inclusion option for your assault course. It's recent, it's relatively easy to set up, there's a truckload of exploits out there that can be used, and it demonstrates one of the core elements of SSL testing: the vulnerabilities are usually in the implementation and not in the algorithms themselves.
We're going to set up an SSL server vulnerable to a Heartbleed attack, generate some activity on it, and...