Cornucopia - Ecommerce Website - CR 7
Suit: Cryptography
Card/Value: 7
Description:
Gunter can intercept or modify encrypted data in transit because the protocol is poorly deployed, or weakly configured, or certificates are invalid, or certificates are not trusted, or the connection can be degraded to a weaker or un-encrypted communication.
Technical Note:
Configuration best practice guidance needs to be reviewed periodically, vulnerability announcements monitored, and configuration standards updated.
NB: The key concept for this card is weak configuration rather than missing encryption.
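An added example, not part of the original card or the Cornucopia project: a Python check that reports the weak-configuration conditions this card names (unvalidated or untrusted certificates, no hostname check, a protocol floor that permits downgrade, weak cipher suites) on a client `ssl.SSLContext`. The function names, the TLS 1.2 floor and the weak-cipher markers are assumptions chosen for illustration.

```python
import ssl

# Substrings of OpenSSL cipher names treated as weak (assumed policy; align with your own standard).
WEAK_CIPHER_MARKERS = ("NULL", "EXP", "RC4", "DES", "MD5", "ADH", "AECDH")


def audit_tls_context(ctx):
    """Return a list of weak-configuration findings for a client-side SSLContext."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate validation disabled: invalid or untrusted certificates are accepted")
    if not ctx.check_hostname:
        findings.append("hostname check disabled: a certificate issued for another host is accepted")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol floor %s permits downgrade below TLS 1.2" % ctx.minimum_version.name)
    weak = sorted(c["name"] for c in ctx.get_ciphers()
                  if any(m in c["name"].upper() for m in WEAK_CIPHER_MARKERS))
    if weak:
        findings.append("weak cipher suites enabled: " + ", ".join(weak))
    return findings


def weak_client_context():
    """Encryption is present, but every safeguard the card lists is switched off."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED  # oldest version the library offers
    return ctx


def hardened_client_context():
    """Validated certificates, hostname check, TLS 1.2 floor, AEAD suites with forward secrecy."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED, check_hostname, system trust store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")  # TLS 1.3 suites stay enabled separately
    return ctx


if __name__ == "__main__":
    for label, ctx in (("weak", weak_client_context()), ("hardened", hardened_client_context())):
        results = audit_tls_context(ctx)
        print(label + ":", "no findings" if not results else "")
        for finding in results:
            print("  -", finding)
```

Running the audit as part of a periodic configuration review gives the Technical Note's "reviewed periodically" a concrete check to repeat when standards change.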
References:
| OWASP SCP | OWASP ASVS | OWASP AppSensor | CAPEC | SAFECODE |
|---|---|---|---|---|
| 75 | 10.1 | IE4 | 31 | 14 |
| 144 | 10.2 | | 217 | 29 |
| 145 | 10.3 | | | 30 |
| 148 | 10.5 | | | |
| | 10.8 | | | |
| | 10.9 | | | |