Verify sub-domain names
Summary
The system should regularly check DNS names and sub-domain names in use by the application for expiration or change. This helps protect applications from the effects of sub-domain takeover attacks.
Description
The primary purpose behind this verification is to protect the application from sub-domain takeover attacks. Sub-domain takeover attacks typically involve an attacker registering a domain that was previously used by a third-party service but is no longer active. If the sub-domain's DNS records are not properly updated or removed, an attacker can take control of the sub-domain and eventually launch attacks, such as phishing or serving malicious content under the assumed trust of the legitimate domain.
References
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan.If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.
Supported In
This requirement is verified in following services
Essential Plan
Advanced Plan