Protocol: TLS Configuration

Identifier: tls_configuration_protocol

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

If TLS is set up incorrectly, data that should be encrypted might not be fully protected, letting attackers snoop on or even tamper with information. Mistakes occur when developers use outdated protocols or weak ciphers, misconfigure certificate checks, or ignore the proper use of certificates, turning what should be a secure connection into a vulnerable one. If these missteps aren't caught, attackers might impersonate servers or force weaker encryption, putting sensitive data like user credentials at risk. It's an easy trap: cutting corners on TLS configuration can leave the secure transmission of data open to interception and fraud.
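
The mistakes named above (no protocol floor, disabled certificate and hostname checks, weak ciphers) can be checked on a client-side `ssl.SSLContext`. This is an added Python example, not part of the scanner or its documentation; the function names, finding labels and weak-cipher markers are assumptions of the example.

```python
import ssl

# Name fragments treated as weak here (this example's assumption, not the scanner's list).
WEAK_CIPHER_MARKERS = ("RC4", "DES", "NULL", "EXP", "MD5")


def weak_ciphers(names):
    """Return the cipher suite names that contain a weak marker."""
    return [n for n in names if any(m in n.upper() for m in WEAK_CIPHER_MARKERS)]


def audit_context(ctx):
    """Return finding labels (hypothetical names) for a client-side SSLContext."""
    findings = []
    # MINIMUM_SUPPORTED compares below TLSv1_2, so an unpinned floor is flagged too.
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("outdated-protocol")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate-not-verified")
    if not ctx.check_hostname:
        findings.append("hostname-not-checked")
    if weak_ciphers(c["name"] for c in ctx.get_ciphers()):
        findings.append("weak-ciphers")
    return findings


def misconfigured_client_context():
    """The shortcuts the description warns about (constructed sample)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE     # any certificate is accepted
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED  # no protocol floor
    return ctx


def hardened_client_context():
    """Corrected counterpart: verification on, TLS 1.2 floor, AEAD suites only."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDH+AESGCM:ECDH+CHACHA20")  # forward-secret AEAD suites
    return ctx


if __name__ == "__main__":
    for build in (misconfigured_client_context, hardened_client_context):
        print(build.__name__, audit_context(build()))
```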

Configuration

Example

Example configuration:

---
security_tests:
  tls_configuration_protocol:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.