9.3.1 states internal services only need TLS if they are level 2
| # | Description | L1 | L2 | L3 | CWE |
| --- | --- | --- | --- | --- | --- |
| 9.3.1 | [ADDED] Verify that TLS or another appropriate transport encryption mechanism used for all connectivity between internal, HTTP-based services, and does not fall back to insecure or unencrypted communications. | | ✓ | ✓ | 319 |
I strongly disagree. I think all apps should use HTTP/S and TLS, even those without sensitive data. HTTP/S is not just about data protection; HTTPS is also about properly identifying the server!
I am assuming that it was marked as L2 because it is not pen testable, but right now I don't see that as a likely definition for the updated levels, so I am happy to make it L1.