Security Test: SSL Certificate
Description
Default Severity:
SSL certificates secure communications between users and servers, but they are only as strong as their configuration. A certificate that is misconfigured, expired, or using weak encryption may give a false signal of safety, allowing attackers to intercept or tamper with data without detection. Developers might overlook details like proper validation or timely updates, opening the door to man-in-the-middle attacks and other breaches that could expose sensitive information.
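The failure modes named above (expiry, validation gaps, weak encryption) can be checked from the client side. The following is an added example, not the scanner's own check: `audit_cert`, `fetch`, `SAMPLE` and the `example.test` names are assumptions made for illustration, and wildcard matching is simplified to a single left-most label.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # older than TLS 1.2

def _to_utc(cert_time):  # getpeercert() dates look like "Jan  5 09:34:43 2031 GMT"
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)

def _name_matches(pattern, host):
    # Simplified: "*" may only stand in for the whole left-most label.
    p, h = pattern.lower().split("."), host.lower().rstrip(".").split(".")
    return (len(p) == len(h) and p[1:] == h[1:]
            and (p[0] == h[0] or (p[0] == "*" and len(p) > 2)))

def audit_cert(cert, host, protocol, now=None, warn_days=30):
    """Findings for a dict shaped like ssl.SSLSocket.getpeercert()."""
    now = now or datetime.now(timezone.utc)
    findings = []
    if now < _to_utc(cert["notBefore"]):
        findings.append("not_yet_valid")
    not_after = _to_utc(cert["notAfter"])
    if now > not_after:
        findings.append("expired")
    elif not_after - now < timedelta(days=warn_days):
        findings.append("expires_soon")
    if cert.get("issuer") and cert["issuer"] == cert.get("subject"):
        findings.append("self_signed")
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(_name_matches(n, host) for n in sans):
        findings.append("hostname_mismatch")
    if protocol in WEAK_PROTOCOLS:  # value as returned by SSLSocket.version()
        findings.append("weak_protocol")
    return findings

def fetch(host, port=443):
    """Live input; raises ssl.SSLCertVerificationError if chain or hostname checks fail."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=5) as raw, \
            ctx.wrap_socket(raw, server_hostname=host) as tls:
        return tls.getpeercert(), tls.version()

# Constructed sample for offline use (not real certificate data).
SAMPLE = {
    "subject": ((("commonName", "api.example.test"),),),
    "issuer": ((("commonName", "Example Test CA"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Mar  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "*.example.test"),),
}
```

Because `fetch` uses the default verifying context, a certificate that already fails validation surfaces as an exception; on a connection that succeeds, `audit_cert` is mainly useful for catching certificates that are close to expiry.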
Reference:
Configuration
Identifier:
frontend_protocol/ssl_certificate
Examples
All configuration available:
Compliance and Standards
Standard | Value |
---|---|
OWASP API Top 10 | API2:2023 |
OWASP LLM Top 10 | LLM06:2023 |
PCI DSS | 4.1 |
GDPR | Article-32 |
SOC2 | CC1 |
PSD2 | Article-95 |
ISO 27001 | A.14.2 |
NIST | SP800-52 |
FedRAMP | SC-17 |
CWE | 295 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C |
CVSS Score | 7.2 |