Security Test: TLS Protocol Configuration¶

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	Frontend Scanner

Description¶

Default Severity:

TLS configuration issues occur when sensitive data is sent over the network without proper protection, and developers might accidentally leave weak settings in place. This means that although HTTPS is supposed to keep data safe and verify server identity through certificates, bad configurations—like outdated protocols, weak encryption ciphers, or mismanaged certificates—can open the door to attackers. Essentially, if HTTPS isn’t set up correctly, attackers might sniff data or even perform impersonation attacks, making it risky for transmitting credentials or other private information. Developers often overlook the details in setting up the right protocols and checking certificates, leading to vulnerabilities that could be exploited if not fixed.

Reference:

https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Security_Cheat_Sheet.html
- https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/01-Testing_for_Weak_SSL_TLS_Ciphers_Insufficient_Transport_Layer_Protection
- https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices

Configuration¶

Identifier: protocol/tls_configuration_key

Examples¶

All configuration available:

checks:
  protocol/tls_configuration_key:
    skip: false # default

Compliance and Standards¶

Standard	Value
OWASP API Top 10	API8:2023
OWASP LLM Top 10	LLM06:2023
PCI DSS	`4.1`
GDPR	`Article-32`
SOC2	`CC6`
PSD2	`Article-95`
ISO 27001	`A.10.1`
NIST	`SP800-52`
FedRAMP	`SC-17`
CWE	`319`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N`
CVSS Score	`7.5`