M10—Insufficient Cryptography
>Control Description
**Application Specific**
Threat agents who exploit insecure cryptography in mobile applications can undermine the confidentiality, integrity, and authenticity of sensitive information. These threat agents include attackers who target cryptographic algorithms or implementations to decrypt sensitive data, malicious insiders who manipulate cryptographic processes or leak encryption keys, state-sponsored actors engaged in cryptanalysis for intelligence purposes, cybercriminals who exploit weak encryption to steal valuable data or conduct financial fraud, and attackers who leverage vulnerabilities in cryptographic protocols or libraries.
>Prevention & Mitigation Strategies
1. Use strong, widely accepted encryption algorithms such as AES, RSA, or Elliptic Curve Cryptography (ECC); avoid deprecated or weak algorithms.
2. Select encryption keys with appropriate lengths following industry recommendations (e.g., AES-256, RSA-2048+) for the specific algorithm being used.
3. Follow secure key management practices: use key vaults or hardware security modules (HSMs), restrict key access to authorized personnel, and encrypt keys at rest.
4. Use strong hash functions such as SHA-256; for passwords, use proper salting with bcrypt or a Key Derivation Function (KDF) such as PBKDF2 or scrypt.
5. Employ secure transport layer protocols (HTTPS) for transmitting encrypted data; implement proper certificate validation and secure communication channels.
6. Conduct regular security testing, including cryptographic vulnerability assessments, and stay updated with cryptographic standards from NIST and IETF.
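The following is an added example, not part of the OWASP page, illustrating items 1, 2 and 4 above in Python's standard library: a small configuration check that rejects deprecated algorithms and undersized keys, the weak pattern of an unsalted fast hash for passwords, and the hardened replacement using salted PBKDF2-HMAC-SHA256 with constant-time verification. The algorithm deny-list, the key-length floors and the iteration count are assumptions chosen for the example (the 600,000 figure follows current OWASP password-storage guidance for PBKDF2-HMAC-SHA256), not values taken from this page.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional

# Assumption: example deny-list of algorithms that should not appear in a new design.
DEPRECATED_ALGORITHMS = {"md5", "sha1", "des", "3des", "rc4"}

# Assumption: minimum key sizes in bits, following common industry recommendations.
MIN_KEY_BITS = {"aes": 128, "rsa": 2048, "ec": 256}


def check_cipher_choice(algorithm: str, key_bits: int) -> List[str]:
    """Return review findings for a proposed algorithm/key-length pair.

    An empty list means the choice passes both checks (items 1 and 2).
    """
    findings = []
    name = algorithm.lower()
    if name in DEPRECATED_ALGORITHMS:
        findings.append(f"{algorithm} is deprecated or broken; use AES, RSA or ECC instead")
    floor = MIN_KEY_BITS.get(name)
    if floor is not None and key_bits < floor:
        findings.append(f"{algorithm}-{key_bits} is below the {floor}-bit minimum")
    return findings


def weak_password_hash(password: str) -> str:
    """The insecure pattern: a fast, unsalted digest.

    Identical passwords always produce identical hashes, so one rainbow table
    or one cracked entry reveals every user sharing that password.
    """
    return hashlib.md5(password.encode("utf-8")).hexdigest()


# Assumption: iteration count per current OWASP guidance for PBKDF2-HMAC-SHA256.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Hardened pattern (item 4): salted, slow KDF, self-describing output.

    The returned string records algorithm, iteration count and salt so that
    verification works after the parameters are raised in a later release.
    """
    if salt is None:
        salt = secrets.token_bytes(16)  # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored parameters and compare in constant time."""
    try:
        alg, iters, salt_hex, dk_hex = stored.split("$")
    except ValueError:
        return False
    if alg != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iters), dklen=32)
    # hmac.compare_digest avoids leaking the match position through timing.
    return hmac.compare_digest(candidate, bytes.fromhex(dk_hex))


if __name__ == "__main__":
    for alg, bits in [("AES", 256), ("RSA", 1024), ("RC4", 128)]:
        print(alg, bits, check_cipher_choice(alg, bits) or "ok")
    pw = "correct horse battery staple"  # constructed sample password
    print("weak hashes equal:", weak_password_hash(pw) == weak_password_hash(pw))
    a, b = hash_password(pw), hash_password(pw)
    print("salted hashes equal:", a == b, "| verifies:", verify_password(pw, a))
```

Note that `hash_password` deliberately stores its parameters alongside the digest; a mobile backend that hard-codes the iteration count instead cannot raise it later without locking out every existing user.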
>Attack Scenarios
#1
#2
#3
>References