Security Test: TLS vulnerabilities¶

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	Frontend Scanner

Description¶

Default Severity:

TLS vulnerabilities come from improper configuration of the encryption protocols, ciphers, and certificates that protect data during transmission. If these elements aren’t set up securely, attackers can potentially intercept or tamper with sensitive information like user credentials. This can expose your data to eavesdropping and man-in-the-middle attacks. Developers sometimes rush setups or use outdated settings, which increases the risk of a security breach. It's essential to use current, strong encryption practices and validate certificates properly to ensure authenticated and secure communication channels.

Reference:

https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Security_Cheat_Sheet.html
- https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/01-Testing_for_Weak_SSL_TLS_Ciphers_Insufficient_Transport_Layer_Protection
- https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices

Configuration¶

Identifier: protocol/tls_configuration_vuln

Examples¶

All configuration available:

checks:
  protocol/tls_configuration_vuln:
    skip: false # default

Compliance and Standards¶

Standard	Value
OWASP API Top 10	API8:2023
OWASP LLM Top 10	LLM06:2023
PCI DSS	`4.1`
GDPR	`Article-32`
SOC2	`CC6`
PSD2	`Article-95`
ISO 27001	`A.10.1`
NIST	`SP800-52`
FedRAMP	`SC-17`
CWE	`319`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N`
CVSS Score	`5.3`