Home /
Products

/

Rules

/

List

/

Certificates

/

R090. Use valid certificates

R090. Use valid certificates

Requirement

The system must not use expired digital certificates.

Findings

F049. Insecure digital certificates

References

CWE-299: Improper Check for Certificate Revocation. The software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised.
OWASP-ASVS v4.0.1 V9.2 Server Communications Security Requirements.(9.2.4) Verify that proper certification revocation, such as Online Certificate Status Protocol (OCSP) Stapling, is enabled and configured.

Contact us

We are a proud corporate member of the OWASP Foundation

Products
Integrates
Skims
Drills
Forces

Services
Continuous Hacking
One-shot Hacking
Comparative

Solutions
DevSecOps
Security Testing
Pentesting
Ethical Hacking
Red Teaming
Attack Simulation

About Us
Certifications
Differentiators
Values
Reviews
Resources
Events
People
Partners
Security

Blog
Careers
FAQ
Community
Contact
Newsletter

Contact Us

Number is valid Number is not valid

Please select an option

Clutch Review

Copyright © 2020 Fluid Attacks, We hack your software. All rights reserved.

Service status - Terms of Use - Privacy Policy - Cookie Policy