R091. Use internally signed certificates

Requirement

The organization must use certificates signed by valid internal certification authorities for its internal applications.

References

  1. CWE-295: Improper Certificate Validation. The software does not validate, or incorrectly validates, a certificate.

  2. OWASP-ASVS v4.0.1 V9.2 Server Communications Security Requirements. (9.2.1) Verify that connections to and from the server use trusted TLS certificates. Where internally generated or self-signed certificates are used, the server must be configured to only trust specific internal CAs and specific self-signed certificates. All others should be rejected.

Copyright © 2020 Fluid Attacks, We hack your software. All rights reserved.
