Clarifying A04:2021 – Insecure Design "key flows"
websec119 opened this issue · 1 comments
websec119 commented
A04:2021 – Insecure Design
How to Prevent
3rd item
Use threat modeling for critical authentication, access control, business logic, and key flows
In this explanation, what do you mean by "key flows"?
- Critical or important flows in the application? (Key means important)
- Cryptographic operation or process? (Key means crypto key)
jmanico commented
I would use "key lifecycle". Cryptographic operations seems ok as is.
Just my 2 cents.