CRYPTOGRAPHY (CR7)
Gunter can intercept or modify encrypted data in transit because the protocol is poorly deployed, or weakly configured, or certificates are invalid, or certificates are not trusted, or the connection can be degraded to a weaker or un-encrypted communication
Gunter can intercept or modify encrypted data in transit because the protocol is poorly deployed, or weakly configured, or certificates are invalid, or certificates are not trusted, or the connection can be degraded to a weaker or un-encrypted communication
OWASP SCP
75,144,145,148
OWASP ASVS
1.9.2,6.2.7,9.1.1,9.2.1,9.2.4,14.4.5
OWASP AppSensor
IE4
CAPEC
-
SAFECODE
14,29,30
Configuration best practice guidance needs to be reviewed periodically, vulnerability announcements monitored, and configuration standards updated.
NB: The key concept for this card is weak configuration rather than missing encryption.
Mappings
OWASP ASVS (4.0): 1.9.2 ,6.2.7 ,9.1.1 ,9.2.1 ,9.2.4 ,14.4.5
OWASP SCP: 75,144,145,148
OWASP Appsensor: IE4
Safecode: 14,29,30
ASVS (4.0) Cheatsheetseries Index
ASVS V1.9 - Communications Architectural Requirements
ASVS V9.1 - Communications Security Requirements
ASVS V9.2 - Server Communications Security Requirements
ASVS V14.4 - HTTP Security Headers Requirements
No suitable mappings were found.
