Data may be protected in transit by an encrypted protocol such as Transport Layer Security (TLS). However, an attacker may have legitimate access to the channel's content (e.g. viewing SSL content in a web browser). Consider whether the data transmitted also needs to be encrypted itself, not just sent using an encrypted protocol.
Paulo can access data in transit that is not encrypted, even though the channel is encrypted
OWASP ASVS (4.0): 6.1.1, 8.3.4, 9.1.1
OWASP SCP: 37, 88, 143, 214
OWASP AppSensor:
SAFECode: 14, 29, 30
ASVS V6.1 - Data Classification
ASVS V8.3 - Sensitive Private Data
ASVS V9.1 - Communications Security Requirements
Session Hijacking (Man-in-the-Middle)