Security Test: SSL Certificate¶

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	Frontend Scanner

Description¶

Default Severity:

SSL certificates secure communications between users and servers but are only as strong as how they're set up. If misconfigured, expired, or using weak encryption, the certificate may give a false signal of safety, allowing attackers to intercept or tamper with data without detection. Developers might overlook details like proper validation or timely updates, opening the door to man-in-the-middle attacks and other breaches that could expose sensitive information.

Reference:

https://www.thesslstore.com/blog/what-happens-when-your-ssl-certificate-expires/

Configuration¶

Identifier: frontend_protocol/ssl_certificate

Examples¶

All configuration available:

checks:
  frontend_protocol/ssl_certificate:
    skip: false # default

Compliance and Standards¶

Standard	Value
OWASP API Top 10	API2:2023
OWASP LLM Top 10	LLM06:2023
PCI DSS	`4.1`
GDPR	`Article-32`
SOC2	`CC1`
PSD2	`Article-95`
ISO 27001	`A.14.2`
NIST	`SP800-52`
FedRAMP	`SC-17`
CWE	`295`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C`
CVSS Score	`7.2`