Provide extended validation (EV) certificates
Summary
Public applications with critical content should provide extended validation (EV) certificates.
Description
The use of Extended Validation (EV) certificates enhances the user experience by providing a clear and recognizable indication of a website's legitimacy. These certificates are a type of digital certificate used in the context of secure communication over the internet, providing a higher level of assurance to users and website visitors by undergoing a more rigorous validation process compared to standard SSL/TLS certificates.
Supported In
This requirement is verified in following services
Plan | Supported |
---|---|
Essential | 🔴 |
Advanced | 🟢 |
References
- CWE™-295. Improper certificate validation
- CWE™-298. Improper validation of certificate expiration
- OWASP TOP 10-A7. Identification and authentication failures
- CMMC-AC_L1-3_1_22. Control public information
- HITRUST CSF-09_z. Publicly available information
- HITRUST CSF-10_c. Control of internal processing
- ISO/IEC 27002-8_26. Application security requirements
- BSAFSS-EN_3-3. Software protects and validates encryption keys
- ISO/IEC 27001-8_26. Application security requirements
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.