Security Test: SSL Certificate

Description

Default Severity:

Certificates fail when they are misconfigured, expired, or rely on weak encryption, at which point the secure link users trust becomes vulnerable to interception or manipulation. If a certificate is not set up correctly, attackers can trick users into believing they are connected to a safe server when they are not, potentially stealing sensitive data or injecting malicious content. Developers often overlook details such as proper certificate validation, keeping up with encryption best practices, or updating protocols, leaving applications open to man-in-the-middle attacks and data breaches.
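The oversights named above, as an added example that is not part of this scanner or its documentation: a Python standard-library audit of a client `SSLContext` for disabled chain or hostname validation and a missing protocol floor, plus a validity-window check over a dictionary in the shape `getpeercert()` returns. The function names, the 30-day warning window and the sample certificate dates are assumptions constructed for illustration.

```python
import ssl
from datetime import datetime, timezone

def audit_context(ctx):
    """Findings for client TLS settings that weaken certificate validation."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 are allowed")
    return findings

def audit_validity(cert, now, warn_days=30):
    """Findings for the validity window of a getpeercert()-style dict."""
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    ts = now.timestamp()
    if ts < not_before:
        return ["certificate is not yet valid"]
    if ts > not_after:
        return ["certificate has expired"]
    if not_after - ts < warn_days * 86400:
        return [f"certificate expires within {warn_days} days"]
    return []

def weak_context():
    """Misconfigured client: no chain check, no hostname check, no protocol floor."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx

def hardened_context():
    """Defaults from create_default_context() plus an explicit TLS 1.2 floor."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

# Constructed sample in the format getpeercert() returns (not a real certificate).
SAMPLE_CERT = {"notBefore": "Jan 15 00:00:00 2024 GMT",
               "notAfter": "Jan 15 00:00:00 2025 GMT"}

if __name__ == "__main__":
    print("weak:", audit_context(weak_context()))
    print("hardened:", audit_context(hardened_context()))
    print(audit_validity(SAMPLE_CERT, datetime(2025, 3, 1, tzinfo=timezone.utc)))
```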

Reference:

Configuration

Identifier: protocol/ssl_certificate

Examples

All configuration available:

checks:
  protocol/ssl_certificate:
    skip: false # default

Compliance and Standards

| Standard | Value |
| --- | --- |
| OWASP API Top 10 | API2:2023 |
| OWASP LLM Top 10 | LLM06:2023 |
| PCI DSS | 4.1 |
| GDPR | Article-32 |
| SOC2 | CC1 |
| PSD2 | Article-95 |
| ISO 27001 | A.14.2 |
| NIST | SP800-52 |
| FedRAMP | SC-17 |
| CWE | 295 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C |
| CVSS Score | 7.2 |