This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Talk:Transport Layer Protection Cheat Sheet

From OWASP
Revision as of 07:21, 21 February 2012 by Jmanico (talk | contribs) (Created page with "Make the warning about "no such thing as internal network" more prominent. There are several types of attacks that can be conducted by using ARP spoofing and MitM an SSL/TLS s...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Make the warning about "no such thing as internal network" more prominent. There are several types of attacks that can be conducted by using ARP spoofing and MitM an SSL/TLS session. One of the most interesting is hijacking credentials to virtual machine provisioning interfaces, then reusing the credentials to create malicious VMs, boot existing VMs off of untrusted media, etc. I think this is an overlooked issue with SSL since most of the focus is on ecommerce.

Retrieved from "https://wiki.owasp.org/index.php?title=Talk:Transport_Layer_Protection_Cheat_Sheet&oldid=124774"