StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
14680213
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
1
CommunityOwnedDate
CreationDate
2013-02-04T04:07:36.923
FavoriteCount
0
LastActivityDate
2013-02-04T04:07:36.923
LastEditDate
LastEditorUserId
0
OwnerUserId
1008514
ParentId
12958060
PostTypeId
2
Score
2
ViewCount
0
LastEditorDisplayName
text
Body
I agree this is badly worded. There is a revamp of the ASVS at the moment. Come on by and help us make things more concrete and testable. In your instance, TLS connections are typically maintained by the operating system on behalf of application and library code that rarely if ever makes any real effort to vaidate that the TLS connection is what it says it is on the tin. Browsers are getting better at warning their users, but libraries are shockingly bad and applications that call them worse at checking for end to end errors and making wise security decisions about the state of the connection. Even basic things like certificate revocation should be a no brainer, but so few libraries enable this by default. We see this every day in mobile phone apps - it's trivial to get most mobile apps to connect via MITM proxies that don't provide any user feedback that the connection is untrustworthy. I'd like to see this requirement to be: "User agent software (mobile app, browser, web service, library) MUST make it clear to the end user in terms they can readily understand that the connection is untrustworthy, and furthermore reject the connection, or to require user intervention to establish an insecure connection. Such failed or insecure connections should be logged." This would make sure that - regardless if it's the OS, the library or the application - someone owns this interaction, and that is has a clear security objective (no untrusted connections), a usability control that favors security, and lastly a detection control to allow pre-incident monitoring and post-incident re-construction if a user makes a terribly poor choice (for we know they always do given the chance). I know this doesn't answer your question per se, but you don't mention if you use OpenSSL or WCF or ... I'd be happy to contribute a code snippet if you let me know the platform you'd like. 
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POOWASP ASVS V10.4 Verify that backend TLS connection failures are logged ---- How?
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. This table or related slice is empty.
UserOwnerUserId
1. USvanderaj
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. COI think what's missing from these guidelines is a definition of "backend" (and under which circumstances TLS is needed for these connections).
 singulars
 PostPostId
 PO
 UserUserId
 USBruno

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.