Use valid certificates

Summary

The system must not use expired digital certificates.

Description

empty

Supported In

This requirement is verified in following services

Plan	Supported
Machine	🔴
Squad	🟢

References

• CWE™-298. Improper validation of certificate expiration
• CWE™-299. Improper check for certificate revocation
• ISA/IEC 62443-IAC-1_8. Public key infrastructure (PKI) certificates
• NIST SSDF-PS_2_1. Provide a mechanism for verifying software release integrity
• ISSAF-V_6_4. Application security - Source code auditing (forms based authentication)
• PTES-6_7. Exploitation - Zero day angle
• PTES-7_4_2_7. Post exploitation - Pillaging (certificate authority)
• PTES-7_7. Post Exploitation - Persistence
• BSAFSS-EN_3-3. Software protects and validates encryption keys
• OWASP MASVS-V7_1. Code quality and build setting requirements
• OWASP ASVS-10_3_1. Application integrity
• SIG Core-I_3_2_4_2. Application security
• CASA-9_2_4. Server Communication Security
• Resolution SB 2021 2126-Art_30_1. Security in Electronic Channels - Digital Banking

Vulnerabilities

• 163. Insecure digital certificates
• 167. Insecure service configuration - Wireless Certificates
• 348. Insecure digital certificates - Lifespan
• 350. Insecure digital certificates - Chain of trust

free trial

Search for vulnerabilities in your apps for free with our automated security testing! Start your 21-day free trial and discover the benefits of our Continuous Hacking Machine Plan. If you prefer a full service that includes the expertise of our ethical hackers, don't hesitate to contact us for our Continuous Hacking Squad Plan.