This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Cornucopia - Ecommerce Website - CR 4

From OWASP
Revision as of 15:12, 21 January 2016 by Dariodf (talk | contribs) (Created page with "{{DISPLAYTITLE:<span style="padding:2px 5px 0px 5px;color:white;background:#a395ca;">Cornucopia - Ecommerce Website - CR 4</span>}} File:Cornucopia_-_Ecommerce_Website_CR_4....")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Cornucopia - Ecommerce Website CR 4.png

Suit: Cryptography

Card/Value: 4

Description:

Paulo can access data in transit that is not encrypted, even though the channel is encrypted.

Technical Note:

Data may be use encryption in transit like Transport Layer Security (TLS). However, an attacker may have legitimate access to this (e.g. viewing SSL content in a web browser). Consider whether the data transmitted also needs to be encrypted itself, not just sent using an encrypted protocol.

References:

OWASP SCP OWASP ASVS OWASP AppSensor CAPEC SAFECODE
37 9.2 - 185 14
88 186 29
143 187 30
214




« Previous Card | Cryptography | Next Card »
Retrieved from "https://wiki.owasp.org/index.php?title=Cornucopia_-_Ecommerce_Website_-_CR_4&oldid=207122"