Cornucopia - Ecommerce Website - CR 7

From OWASP
Revision as of 15:13, 21 January 2016 by Dariodf

Suit: Cryptography

Card/Value: 7

Description:

Gunter can intercept or modify encrypted data in transit because the protocol is poorly deployed, or weakly configured, or certificates are invalid, or certificates are not trusted, or the connection can be degraded to a weaker or un-encrypted communication.

Technical Note:

Configuration best practice guidance needs to be reviewed periodically, vulnerability announcements monitored, and configuration standards updated.

NB: The key concept for this card is weak configuration rather than missing encryption.

References:

OWASP SCP: 75, 144, 145, 148
OWASP ASVS: 10.1, 10.2, 10.3, 10.5, 10.8, 10.9
OWASP AppSensor: IE4
CAPEC: 31, 217
SAFECODE: 14, 29, 30

