Update 9.1.2.yaml

Signed-off-by: AmirHossein Raeisi <[email protected]>
OWASP · Sep 1, 2024 · b0011ca · b0011ca
1 parent 8d4374c
commit b0011ca
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/templates/9.1.2.yaml b/templates/9.1.2.yaml
@@ -9,6 +9,8 @@ info:
   reference:
     - https://www.acunetix.com/vulnerabilities/web/tls-ssl-weak-cipher-suites/
     - https://github.com/projectdiscovery/nuclei-templates/blob/main/ssl/insecure-cipher-suite-detect.yaml
+    - https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/01-Testing_for_Weak_Transport_Layer_Security
+    - https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Security_Cheat_Sheet.html
   tags: asvs,9.1.2
   description: |
     Verify using up to date TLS testing tools that only strong cipher suites are enabled, with the strongest cipher suites set as preferred.
@@ -420,4 +422,4 @@ ssl:
           - "TLS_KRB5_WITH_3DES_EDE_CBC_MD5"
           - "TLS_KRB5_WITH_RC4_128_SHA"
           - "TLS_RSA_WITH_NULL_SHA"
-        condition: or
+        condition: or