NB: The key concept for this card is lack of encryption of data in transit and/or in memory.
Romain can read and modify unencrypted data in memory or in transit (e.g. cryptographic secrets, credentials, session identifiers, personal and commercially-sensitive data), in use or in communications within the application, or between the application and users, or between the application and external systems.
OWASP ASVS (4.0): 1.9.1, 2.2.5, 2.5.1, 8.3.4, 8.3.6, 9.1.3, 9.2.2
CAPEC: 31, 57, 102, 157, 158, 384, 466, 546
OWASP SCP: 36, 37, 143, 146, 147
OWASP AppSensor:
SAFECode: 29
ASVS V1.9 - Communications Architectural Requirements
ASVS V2.2 - General Authenticator Requirements
ASVS V2.5 - Credential Recovery Requirements
ASVS V8.3 - Sensitive Private Data
ASVS V9.1 - Communications Security Requirements
ASVS V9.2 - Server Communications Security Requirements
Session Hijacking (Man-in-the-Middle)