Protocol: TLS Configuration Server Preferences
Identifier: tls_configuration_server_pref
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner |
|---|---|---|
Description
When a server's TLS configuration isn't properly managed, it might use outdated or weak settings that can expose sensitive data during transmission. Even if encryption is in place, misconfigurations, such as accepting insecure protocol versions or ciphers, or not properly checking certificate validity, can let attackers intercept or alter the data. Developers often get into trouble by relying on default settings or overlooking proper certificate management, which can lead to man-in-the-middle attacks or unauthorized data access. This misstep can compromise the confidentiality and integrity of user data if not corrected.
References:
- https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Security_Cheat_Sheet.html
- https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/01-Testing_for_Weak_SSL_TLS_Ciphers_Insufficient_Transport_Layer_Protection
- https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices
Configuration
Example
Example configuration:

```yaml
---
security_tests:
  tls_configuration_server_pref:
    assets_allowed:
      - REST
      - GRAPHQL
      - WEBAPP
    skip: false
```
Reference
assets_allowed
Type: List[AssetType]
List of assets that this check will cover.
skip
Type: boolean
Skip the test if true.