SSTP

Sorry, not available in this language yet

English
日本語
简体中文

AppSec SaaS Platform | Integrated, cloud-based AST solution optimized for development and DevSecOps teams.
AppSec IDE Plug-ins | Secure code as you write it in your IDE
Software Risk Management | Manage application security programs at enterprise scale
DevSecOps Integrations | Integrate AppSec tools into DevOps workflows

Static Analysis (SAST) | Address security and quality defects in code as it's being developed
Software Composition Analysis (SCA) | Secure and manage open source risks in applications and containers
Interactive Analysis (IAST) | Automate web security testing within your DevOps pipelines
Dynamic Analysis (DAST) | Continuous web application security testing in production.
Penetration Testing | Identify business-critical vulnerabilities with on-demand testing expertise.
Protocol Fuzzing | Identify defects and zero-day vulnerabilities in services and protocols

Program Strategy & Planning | Measure, scale, and optimize your AppSec program
Threat & Risk Assessments | Understand and address internal and external security risks
Security Training | Equip development teams with the skills they need to produce more secure software
Implementation & Deployment | Optimize utilization, management and deployment of AppSec tools
Security Testing Services | On-demand AppSec testing resources and expertise

Open Source & Security Audits | Comprehensive technical due diligence services for M&A

AI-generated code | Harness the power of AI coding assistants while managing the risks
API Security Testing | Manage software risks with a holistic API security testing program.
AppSec Consolidation | Simplify your application security program
Application Security Testing | Solutions to address security risks at all stages of the application life cycle.
DevSecOps | Solutions to help shift security left without slowing down your development teams.
Software Supply Chain Security | Solutions to identify and manage software supply chain risks end-to-end.
Manage AppSec Risk | Scale your application security program without increasing complexity or adding friction.
Cloud & Container Security | Optimize your applications for secure deployment and operation in the cloud
Open Source License Compliance | Effective solutions for ensuring open source license compliance
M&A Due Diligence | Identify software risks that could negatively impact the value of acquired IP.
Quality & Security Standards Compliance | Ensure your software complies with the standards critical to customers and regulators

Dev and DevOps Teams | Build secure software while maintaining developer productivity and pipeline velocity.
Security Teams | Align people, processes, and technology to minimize software risk and transform your business.
Legal Teams | Solutions to protect your IP and manage risk.

Financial Services | Protect sensitive customer and financial data from rapidly evolving security threats.
IoT & Embedded | Ensure your embedded and IoT devices are safe, secure, and reliable.
Automotive | Build software security & reliability into the modern connected car.
Telecommunications | Create seamless and safe mobile experiences, from silicon to software.
Aerospace & Defense | Solutions for automating mission-critical development.
Public Sector | Application security for government agencies and their suppliers.
Medical Device | Safeguard medical devices and applications.

SSTP Server Test Suite Data Sheet

Test Suite:

SSTP Server Test Suite

Direction:

Server

The Secure Socket Tunneling Protocol (SSTP) is a protocol for encapsulating PPP over secure SSL connection. The Point-to-Point Protocol (PPP) is used in establishing a direct multi-protocol connection between two nodes. The protocol offers methods to configure and transport network-layer protocols, like IP traffic, over point-to-point links. It has been commonly used by ISPs to offer customers a dial-up access to the Internet. This test suite can be used to test SSTP server implementations for security flaws and robustness problems. The test suite has test cases for both PPP and SSTP protocol data.

Used specifications

Specification

Title

Notes

MS-SSTP

Secure Socket Tunneling Protocol (SSTP)

MS-CBCP

Microsoft Callback Control Protocol

RFC1332

Internet Protocol Control Protocol (IPCP)

RFC1334

PPP authentication protocols

RFC1548

The Point-to-Point Protocol

Obsoleted

RFC1570

PPP LCP Extensions

RFC1661

The Point-to-Point Protocol

RFC1662

PPP in HDLC-like Framing

RFC1663

PPP Reliable Transmission

RFC1877

IPCP Name Server addresses

RFC1962

PPP Compression Protocol (CCP)

RFC1967

LZS-DCP Compression Protocol

RFC1969

The PPP DES Encryption Protocol (DESE)

Obsoleted

RFC1968

Encryption Control Protocol (ECP)

RFC1974

Stac LZS Compression Protocol

RFC1975

Magnalink Variable Resource Compression

RFC1976

Data-Compression in Data Circuit-Terminating Equipment (DCS)

RFC1977

BSD Compression Protocol

RFC1978

Predictor Compression Protocol

RFC1979

Deflate

RFC1989

Link Quality Monitoring

RFC1990

The PPP Multilink Protocol (MP)

RFC1993

Gandalf FZA Compression Protocol

RFC1994

Challenge Handshake Authentication Protocol

RFC2118

Microsoft Point-to-Point Compression (MPPC) Protocol

RFC2290

Mobile-IPv4 Configuration Option for PPP IPCP

RFC2419

DESE-bis

RFC2420

3DESE

RFC2433

Microsoft CHAP extensions

RFC2472

IPv6 Control Protocol (IPv6CP)

Obsoleted

RFC2616

Hypertext Transfer Protocol -- HTTP/1.1

Only the parts needed for SSTP DUPLEX POST message.

RFC2759

MS-Chap 2

RFC2794

Mobile-IPv4 Option for PPP IPCP

RFC3241

Robust Header Compression (ROHC) over PPP

RFC3748

Extensible Authentication Protocol (EAP)

RFC3986

Uniform Resource Identifier (URI): Generic Syntax

Only the parts needed for SSTP DUPLEX POST message.

RFC5072

IP Version 6 over PPP

RFC5172

Negotiation for IPv6 Datagram Compression Using IPv6 Control Protocol

Tool-specific information

Supported protocol features

LCP payload

RFC1661

IPCP payload

RFC1332

CCP payload

RFC1962

IPv6CP payload

RFC2472, RFC5072

LQR payload

RFC1989

PAP authentication payload

RFC1334

CHAP authentication payload

RFC1994, RFC2433, RFC2759

Not supported protocol features

Transport over ATM

Compressed payloads

Encrypted payloads

OSINLCP

RFC1377

AppleTalk NCP

RFC1378

IPXCP

RFC1552

DECNET Phase IV CP

RFC1762

Banyan Vines CP

RFC1763

XNS IDP CP

RFC1764

SNA CP

RFC2043

NetBIOS Frames CP

RFC2097

BAP and BACP

RFC2125

PPP Bridging Control Protocol

RFC3518

Authentication Bypass

Test tool general features

Fully automated black-box negative testing
Ready-made test cases
Written in Java(tm)
GUI command line remote interface modes
Instrumentation (health-check) capability
Support and maintenance
Comprehensive user documentation
Results reporting and analysis