Fork me on GitHub

Implementation -> Infrastructure Hardening: Usage of edge encryption at transit

Risk and Opportunity

Risk: Evil actors might be able to perform a man in the middle attack and sniff confidential information (e.g. authentication factors like passwords)
Opportunity: By using encryption at the edge of traffic in transit, it is impossible or at least harder to sniff credentials beeing outside of the organization.

Additional Information

Usefulness and Requirements of this Activity

Usefullness: High
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Very Low

OWASP SAMM VERSION 2

ISO27001 2017