pytm
AA03 - is every implementsAuthenticationScheme an SSO scheme?
    "AA03": {
        "description": "Weakness in SSO Authorization",
        "source": (Process, Element),
        "target": (Process, Server),
        "condition": "target.implementsAuthenticationScheme is False",
    },
What if the Process implements BasicAuth or uses mutual TLS (neither of which is SSO)? If the Process uses SAML or OAuth, then maybe. Maybe authenticationScheme as a string var is necessary?
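The difference between the quoted boolean condition and a string-valued scheme, as an added example (not pytm's code and not the issue author's). `Target`, `SSO_SCHEMES`, `matches` and the `AA03_STRING` condition are hypothetical names chosen for illustration, and evaluating the condition string as a Python expression is an assumption about how the rule is consumed.

```python
from dataclasses import dataclass

# Hypothetical grouping: the issue names SAML and OAuth as possible SSO
# schemes, and BasicAuth and mutual TLS as non-SSO schemes.
SSO_SCHEMES = {"SAML", "OAuth"}


@dataclass
class Target:
    """Stand-in for a modelled Process/Server; not pytm's class."""
    name: str
    authenticationScheme: str = ""  # proposed string attribute (assumption)

    @property
    def implementsAuthenticationScheme(self) -> bool:
        # The existing boolean collapses every scheme to True.
        return bool(self.authenticationScheme)


# Condition exactly as quoted in the issue, and a string-based variant
# (the variant is an assumption, not a rule from the project).
AA03_BOOLEAN = "target.implementsAuthenticationScheme is False"
AA03_STRING = "target.authenticationScheme in SSO_SCHEMES"


def matches(condition, targets):
    """Return the names of targets for which the rule condition holds."""
    # Conditions are trusted strings from the rule file, never user input.
    return [t.name for t in targets
            if eval(condition, {"SSO_SCHEMES": SSO_SCHEMES}, {"target": t})]


# Constructed sample model.
TARGETS = [
    Target("anonymous-api"),
    Target("legacy-admin", "BasicAuth"),
    Target("internal-rpc", "mTLS"),
    Target("portal", "SAML"),
    Target("mobile-backend", "OAuth"),
]

if __name__ == "__main__":
    print("boolean rule:", matches(AA03_BOOLEAN, TARGETS))
    print("string rule: ", matches(AA03_STRING, TARGETS))
```

The boolean rule reports only the target with no scheme at all and cannot tell BasicAuth, mTLS and SAML apart; the string variant can scope an SSO-specific finding to the SAML and OAuth targets.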