OWASP Annotated Application Security Verification Standard

Browse by chapter:

  • v1 Architecture, design and threat modelling
  • v2 Authentication verification requirements
  • v3 Session management verification requirements
  • v4 Access control verification requirements
  • v5 Malicious input handling verification requirements
  • v6 Output encoding / escaping
  • v7 Cryptography at rest verification requirements
  • v8 Error handling and logging verification requirements
  • v9 Data protection verification requirements
  • v10 Communications security verification requirements
  • v11 HTTP security configuration verification requirements
  • v12 Security configuration verification requirements
  • v13 Malicious controls verification requirements
  • v14 Internal security verification requirements
  • v15 Business logic verification requirements
  • v16 Files and resources verification requirements
  • v17 Mobile verification requirements
  • v18 Web services verification requirements
  • v19 Configuration

Browse by level:

  • Level 1: Opportunistic
  • Level 2: Standard
  • Level 3: Advanced

v10 Communications security verification requirements

  • 10.1 TLS chain is valid
  • 10.3 TLS is used for all relevant connections
  • 10.4 Backend TLS connection failures are logged
  • 10.5 Client certificates are built and verified correctly
  • 10.6 Connections to relevant external systems are authenticated
  • 10.8 Single standard well-configured TLS implementation is used
  • 10.10 Certificate pinning is used correctly
  • 10.11 Strict Transport Security is used correctly
  • 10.12 URL is submitted to HSTS preload lists
  • 10.13 Forward secrecy ciphers are used
  • 10.14 Certification revocation is enabled and configured
  • 10.15 Strong certificate hierarchy
  • 10.16 TLS settings are current

© Copyright 2015, Boy Baukema Revision 471fcb0a.
