Difference between revisions of "Pinning Cheat Sheat"

From OWASP
(Created pinning cheat sheet)
 
Line 1: Line 1:
Centralized use of critical infrastructure services such as DNS and CAs in a public CA hierarchy has led to a number of high profile failures in the secure channel. Pandemic abuse of trust and relationships has lured applications and developers to make security related decisions on effectively untrusted user input.
+
Invariant trust of critical infrastructure such as DNS and CAs in a public CA hierarchy has led to a number of high profile failures in the secure channel. This cheat sheet will help developers navigate the minefield of securing data in transit and by bringing integrity back to the channel when a pre-exisiting relationship exists between the user and an organization or service.
 +
 
 +
== Introduction ==
 +
 
 +
Secure channels are a cornerstone to users and employees on the go. Users and developers expect end-to-end security when sending and receiving data - especially sensitive data on channels protected by VPN, SSL, or TLS. While organizations which control DNS and CA have likely reduced risk to trivial levels under most threat models, users and developers subjugated to other's DNS and a public CA hierarchy are exposed to non-trivial amounts of risk. In fact, history has shown those relying on outside services have suffered chronic breaches in their secure channels.
 +
 
 +
The pandemic abuse of trust has resulted in users, developers and applications making security related decisions on effectively untrusted user input. This article is focused on providing clear, simple, actionable guidance for securing the channel in a hostile environment where actors could be malicious and the conference of trust a liability.
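
Review bot: The new summary sentence has a spelling error ("pre-exisiting") and a broken construction ("securing data in transit and by bringing integrity back to the channel"); suggest "securing data in transit by bringing integrity back to the channel when a pre-existing relationship exists". In the last added paragraph, "the conference of trust a liability" reads as a word-choice slip, and "the conferring of trust" is probably what is meant. The added introduction describes the risk of relying on others' DNS and a public CA hierarchy but never says what pinning is, so a one-sentence definition near the top would help a reader arriving at this revision.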

Revision as of 02:25, 13 February 2013

Invariant trust in critical infrastructure such as DNS and CAs in a public CA hierarchy has led to a number of high-profile failures in the secure channel. This cheat sheet will help developers navigate the minefield of securing data in transit by bringing integrity back to the channel when a pre-existing relationship exists between the user and an organization or service.

Introduction

Secure channels are a cornerstone for users and employees on the go. Users and developers expect end-to-end security when sending and receiving data, especially sensitive data on channels protected by VPN, SSL, or TLS. While organizations that control DNS and CA have likely reduced risk to trivial levels under most threat models, users and developers subject to others' DNS and a public CA hierarchy are exposed to non-trivial amounts of risk. In fact, history has shown that those relying on outside services have suffered chronic breaches in their secure channels.

The pandemic abuse of trust has resulted in users, developers and applications making security-related decisions on effectively untrusted user input. This article is focused on providing clear, simple, actionable guidance for securing the channel in a hostile environment where actors could be malicious and the conferring of trust a liability.