OWASP API Security Top 10 2019 Checklist

(0 reviews)

broken-user-authentication-use-tls

general > broken-user-authentication-use-tls


Guidance

The login page and all subsequent authenticated pages must be exclusively accessed over TLS or other strong

transport. Failure to use TLS or other strong transport for authenticated pages after login enables an attacker to view the

unencrypted session ID and compromise the user's authenticated session.

Applies to WebAPI

Constraint

Type: Declarative Validation

Reviews

TypeRuleset
OrganizationMuleSoft
Published by
MuleSoft Organization
Published onApr 25, 2022
Asset overview

Asset versions for 1.0.x

Asset versions
VersionActions
1.0.0