Protocol: TLS Configuration Server Defaults
Identifier: tls_configuration_server_default
Scanner(s) Support

| GraphQL Scanner | REST Scanner | WebApp Scanner |
|---|---|---|
Description

TLS only protects a connection when it is configured deliberately. Developers often accept library or platform defaults, and if the enabled protocol versions, key sizes, cipher suites, or certificates are not chosen explicitly and kept current, an attacker positioned on the network can downgrade or intercept the connection, capture credentials, or impersonate the server. A weakly configured TLS endpoint therefore exposes the service to man-in-the-middle attacks and certificate misuse, and undermines the confidentiality and integrity guarantees the rest of the application relies on, which can end in data exposure or unauthorized access.
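The following is an added example, not code from this page or from the scanner it documents. It shows the difference between a server-side TLS context built from library defaults and one whose protocol floor and cipher policy are pinned explicitly, with a small audit routine that reports the kinds of weak-default findings the check above describes. The cipher string, the check identifiers and the `server_accepts` probe helper are assumptions made for the example; the probe needs network access and is only there to show how the same question is asked of a live server.

```python
"""Audit a server-side ssl.SSLContext for weak-default TLS settings.

Added example for this check, not the scanner's own implementation.
"""
import socket
import ssl
from typing import List, Optional

# Assumption: policy floor of TLS 1.2 and an ECDHE-only, AEAD-only TLS 1.2 suite list.
MIN_VERSION = ssl.TLSVersion.TLSv1_2
HARDENED_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20"


def default_server_context() -> ssl.SSLContext:
    """What a developer gets by relying on defaults: no explicit protocol floor,
    and whatever cipher list the linked OpenSSL (and its security level) allows."""
    return ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)


def hardened_server_context() -> ssl.SSLContext:
    """Same context with the policy pinned in code rather than inherited.
    A real deployment would also call ctx.load_cert_chain(cert, key)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = MIN_VERSION               # refuse TLS 1.0/1.1 regardless of library build
    ctx.set_ciphers(HARDENED_CIPHERS)               # TLS 1.2 suites: forward secrecy + AEAD only
    ctx.options |= ssl.OP_NO_COMPRESSION            # TLS compression enables CRIME-style attacks
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE  # server, not client, picks the suite
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return identifiers of failed checks; an empty list means no findings.
    Check identifiers are invented for this example."""
    findings: List[str] = []
    # TLSVersion.MINIMUM_SUPPORTED means "whatever the library allows", i.e. not pinned.
    if ctx.minimum_version < MIN_VERSION:
        findings.append("min_version")
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("compression")
    for suite in ctx.get_ciphers():
        name = suite["name"]
        if suite["kea"] == "RSA":            # static RSA key exchange: no forward secrecy
            findings.append(f"no_forward_secrecy:{name}")
        if not suite["aead"]:                # CBC/HMAC suites: padding-oracle history
            findings.append(f"non_aead:{name}")
        if suite["strength_bits"] < 128:
            findings.append(f"weak_cipher:{name}")
    return findings


def server_accepts(host: str, port: int, version: ssl.TLSVersion) -> Optional[str]:
    """Probe a live server: pin the client to exactly `version` and report the
    negotiated protocol, or None if the handshake is refused. Certificate
    verification is disabled because this probes protocol support, not identity.
    Requires network access; not exercised offline."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.set_ciphers("DEFAULT:@SECLEVEL=0")   # let the probing client itself offer legacy versions
    ctx.minimum_version = version
    ctx.maximum_version = version
    try:
        with socket.create_connection((host, port), timeout=5) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.version()
    except (ssl.SSLError, OSError):
        return None


if __name__ == "__main__":
    print("defaults :", audit_context(default_server_context()))
    print("hardened :", audit_context(hardened_server_context()))
```

Running the block prints the findings for both contexts; the bare context is always reported for `min_version` because Python leaves `minimum_version` at `MINIMUM_SUPPORTED` unless set, and on most builds also lists static-RSA and CBC suites. `server_accepts(host, 443, ssl.TLSVersion.TLSv1)` returning a version string rather than `None` is the live-server equivalent of that finding.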
References:
- https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Security_Cheat_Sheet.html
- https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/01-Testing_for_Weak_SSL_TLS_Ciphers_Insufficient_Transport_Layer_Protection
- https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices
Configuration

Example

Example configuration:

```yaml
---
security_tests:
  tls_configuration_server_default:
    assets_allowed:
      - REST
      - GRAPHQL
      - WEBAPP
    skip: false
```
Reference

assets_allowed
Type : List[AssetType]
List of assets that this check will cover.

skip
Type : boolean
Skip the test if true.