Cornucopia - Ecommerce Website - CR 7
Gunter can intercept or modify encrypted data in transit because the protocol is poorly deployed, or weakly configured, or certificates are invalid, or certificates are not trusted, or the connection can be degraded to a weaker or un-encrypted communication.
Configuration best practice guidance needs to be reviewed periodically, vulnerability announcements monitored, and configuration standards updated.
NB: The key concept for this card is weak configuration rather than missing encryption.
|OWASP SCP||OWASP ASVS||OWASP AppSensor||CAPEC||SAFECODE|