ATS-consider-ct
ATS-consider-ct
The application’s App Transport Security (ATS) configuration does not leverage the Certificate Transparency option. By opting in for Certificate Transparency (CT), rogue CA or compromised CA issued certificates may be identified and blocked, creating a more reliably secure TLS channel.
Likelihood: LOW
Confidence: HIGH
CWE:
- C
- W
- E
- -
- 2
- 9
- 5
- :
-
- I
- m
- p
- r
- o
- p
- e
- r
-
- C
- e
- r
- t
- i
- f
- i
- c
- a
- t
- e
-
- V
- a
- l
- i
- d
- a
- t
- i
- o
- n
OWASP:
- A03:2017 - Sensitive Data Exposure
- A07:2021 - Identification and Authentication Failures
Likelihood: LOW
Confidence: HIGH
CWE:
- C
- W
- E
- -
- 2
- 9
- 5
- :
-
- I
- m
- p
- r
- o
- p
- e
- r
-
- C
- e
- r
- t
- i
- f
- i
- c
- a
- t
- e
-
- V
- a
- l
- i
- d
- a
- t
- i
- o
- n
OWASP:
- A03:2017 - Sensitive Data Exposure
- A07:2021 - Identification and Authentication Failures