In this section, functionalities related with the use of cryptographies in the application are tested. This may occur while sending or storing data.
The following controls are applied in this section:
OASAM-CRYPT-001: Hard-coded credentials.Passwords stored within the source code.
OASAM-CRYPT-002: Insecure Data Storage.Weaknesses related with confidential information storage.
OASAM-CRYPT-003: Insecure use of Transport Protocol. Weaknesses related with unsecure information flow.
OASAM-CRYPT-004: Certificate Pinning. Weaknesses related with trusted chains of digital certifications.