Provide extended validation (EV) certificates
Summary
Public applications with critical content should provide extended validation (EV) certificates.
Description
The use of Extended Validation (EV) certificates enhances the user experience by providing a clear and recognizable indication of a website's legitimacy. These certificates are a type of digital certificate used in the context of secure communication over the internet, providing a higher level of assurance to users and website visitors by undergoing a more rigorous validation process compared to standard SSL/TLS certificates.
References
- CWE-295. Improper certificate validation
- CWE-298. Improper validation of certificate expiration
- OWASP10-A7. Identification and authentication failures
- CMMC-AC_L1-3_1_22. Control public information
- HITRUST-09_z. Publicly available information
- HITRUST-10_c. Control of internal processing
- ISO27002-8_26. Application security requirements
- BSAFSS-EN_3-3. Software protects and validates encryption keys
- ISO27001-8_26. Application security requirements
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan.If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.
Supported In
This requirement is verified in following services
Essential Plan
Advanced Plan