R090. Use valid certificates

Requirement

The system must not use expired digital certificates.
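One way to check this requirement is sketched below, as an added example that is not part of the original requirement text. The function names, the 30-day renewal window and the sample certificate are assumptions made for illustration; the certificate dictionary has the shape returned by Python's ssl.SSLSocket.getpeercert().

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

# Constructed sample in the dict shape returned by SSLSocket.getpeercert().
SAMPLE_CERT = {
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}


def _parse(cert_time):
    """Convert a certificate time string to an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)


def validity_status(cert, now=None, renew_within=timedelta(days=30)):
    """Classify a certificate by its validity window at time `now`."""
    if now is None:
        now = datetime.now(timezone.utc)
    not_before = _parse(cert["notBefore"])
    not_after = _parse(cert["notAfter"])
    if now < not_before:
        return "not-yet-valid"
    if now > not_after:
        return "expired"
    # Still valid, but inside the (assumed) renewal window: flag it early.
    if not_after - now <= renew_within:
        return "expiring-soon"
    return "valid"


def check_host(host, port=443, timeout=5.0):
    """Handshake with a server and report the status of its certificate."""
    ctx = ssl.create_default_context()  # verifies chain, hostname and dates
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return validity_status(tls.getpeercert())
    except ssl.SSLCertVerificationError as exc:
        # An expired certificate is rejected during the handshake itself.
        return "rejected: " + exc.verify_message


if __name__ == "__main__":
    for day in ("2023-12-31", "2024-06-01", "2024-12-15", "2025-01-02"):
        now = datetime.fromisoformat(day).replace(tzinfo=timezone.utc)
        print(day, validity_status(SAMPLE_CERT, now))
```

check_host needs network access and is meant for a scheduled monitoring job; validity_status runs offline on any certificate dictionary.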

References

  1. CWE-299: Improper Check for Certificate Revocation. The software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised.

  2. OWASP-ASVS v4.0.1 V9.2 Server Communications Security Requirements (9.2.4). Verify that proper certification revocation, such as Online Certificate Status Protocol (OCSP) Stapling, is enabled and configured.

Copyright © 2020 Fluid Attacks, We hack your software. All rights reserved.
