Data Exposure in Transit
mediumdata-in-transit-exposure
Sensitive data transmitted between services may be exposed if not properly encrypted
Information Disclosure
MITRE ATT&CK techniques
| ID | Name | Tactic |
|---|---|---|
| T1040 | Network Sniffing | Credential Access |
| T1557 | Adversary-in-the-Middle | Credential Access |
Common Weakness Enumeration
Mitigating controls
ctrl-transit-1- Encrypt all data in transit using TLS
ctrl-transit-2- Avoid transmitting sensitive data when possible
ctrl-transit-3- Implement end-to-end encryption for highly sensitive data
ctrl-transit-4- Use secure protocols (HTTPS, SFTP, etc.)