R090. Use valid certificates

Requirement

The system must not use expired digital certificates.

References

  1. CWE-299: Improper Check for Certificate Revocation. The software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised.

  2. OWASP-ASVS v4.0.1 V9.2 Server Communications Security Requirements. (9.2.4) Verify that proper certification revocation, such as Online Certificate Status Protocol (OCSP) Stapling, is enabled and configured.

Copyright © 2021 Fluid Attacks, We hack your software. All rights reserved.