
Implementation -> Infrastructure Hardening: Usage of internal encryption at transit

Risk and Opportunity

Risk: Evil actors within the organization might be able to perform a man-in-the-middle attack on traffic in transit and sniff confidential information (e.g. authentication factors like passwords).
Opportunity: By using encryption internally, e.g. inside a cluster, it becomes impossible or at least harder to sniff credentials.

Additional Information

Usefulness and Requirements of this Activity

Usefulness: High
Required knowledge: High (two disciplines)
Required time: Medium
Required resources (systems): Low

OWASP SAMM VERSION 2

ISO27001 2017