This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Cornucopia - Ecommerce Website - CR 4"
From OWASP
(Created page with "{{DISPLAYTITLE:<span style="padding:2px 5px 0px 5px;color:white;background:#a395ca;">Cornucopia - Ecommerce Website - CR 4</span>}} File:Cornucopia_-_Ecommerce_Website_CR_4....") |
|||
Line 52: | Line 52: | ||
</tr> | </tr> | ||
</table> | </table> | ||
− | |||
− | |||
− | |||
Latest revision as of 16:27, 21 January 2016
Suit: Cryptography
Card/Value: 4
Description:
Paulo can access data in transit that is not encrypted, even though the channel is encrypted.
Technical Note:
Data may be use encryption in transit like Transport Layer Security (TLS). However, an attacker may have legitimate access to this (e.g. viewing SSL content in a web browser). Consider whether the data transmitted also needs to be encrypted itself, not just sent using an encrypted protocol.
References:
OWASP SCP | OWASP ASVS | OWASP AppSensor | CAPEC | SAFECODE |
---|---|---|---|---|
37 | 9.2 | - | 185 | 14 |
88 | 186 | 29 | ||
143 | 187 | 30 | ||
214 |