Certificate Issues
Category ID: 295 (Category)
Status: Incomplete
Description

Description Summary

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Applicable Platforms

Languages

All

Background Details

A certificate is a token that associates an identity (principal) with a cryptographic key. Certificates can be used to check whether a public key belongs to its assumed owner.

Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Category | 254 | Security Features | Development Concepts (primary) 699
ChildOf | Category | 731 | OWASP Top Ten 2004 Category A10 - Insecure Configuration Management | Weaknesses in OWASP Top Ten (2004) (primary) 711
ParentOf | Weakness Base | 296 | Improper Following of Chain of Trust for Certificate Validation | Development Concepts (primary) 699
ParentOf | Weakness Base | 297 | Improper Validation of Host-specific Certificate Data | Development Concepts (primary) 699
ParentOf | Weakness Base | 298 | Improper Validation of Certificate Expiration | Development Concepts (primary) 699
ParentOf | Weakness Base | 299 | Improper Check for Certificate Revocation | Development Concepts (primary) 699
Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
OWASP Top Ten 2004 | A10 | CWE More Specific | Insecure Configuration Management
References
M. Bishop. "Computer Security: Art and Science". Addison-Wesley. 2003.
Content History
Modifications
Modification Date | Modifier | Organization | Source
2008-08-15 | | Veracode | External
    Suggested OWASP Top Ten 2004 mapping
2008-09-08 | CWE Content Team | MITRE | Internal
    updated Relationships, Taxonomy Mappings
2008-10-14 | CWE Content Team | MITRE | Internal
    updated Background Details, Description