-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathSG0004.htm
More file actions
134 lines (107 loc) · 4.91 KB
/
SG0004.htm
File metadata and controls
134 lines (107 loc) · 4.91 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
<!DOCTYPE html>
<html lang="en">
<head>
<title>Certificate Validation has been disabled - Roslyn Security Guard</title>
<meta charset="utf-8">
<link href="css/bootstrap.min.css" media="screen" rel="stylesheet">
<link href="css/bootstrap-theme.min.css" media="screen" rel="stylesheet">
<link href="//fonts.googleapis.com/css?family=Ubuntu:400,500,700,400italic" rel="stylesheet" type="text/css">
<link href="css/font-awesome.min.css" media="screen" rel="stylesheet">
<!-- Custom styles -->
<link href="css/styles.css" media="screen" rel="stylesheet">
<!-- Mobile support -->
<meta content="width=device-width, initial-scale=1" name="viewport">
<meta property="og:locale" content="en_US" />
<meta property="og:type" content="website" />
<meta property="og:title" content="Roslyn Security Guard" />
<meta property="og:description" content="Security Guard is a set of Roslyn analyzers that aim to help security audits on .NET applications." />
<meta property="og:site_name" content="Roslyn Security Guard" />
<meta name="twitter:card" content="summary" />
<meta name="twitter:description" content="Security Guard is a set of Roslyn analyzers that aim to help security audits on .NET applications." />
<meta name="twitter:title" content="Roslyn Security Guard" />
<meta name="keywords" content="security,owasp,csharp,c#,vb,.net,dotnet,asp.net,mvc,scanner,vulnerability,injection" />
<!-- IE 6-8 support of HTML 5 elements -->
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
<![endif]-->
</head>
<body>
<a id="skippy" class="sr-only sr-only-focusable" href="#content"><div class="container"><span class="skiplink-text">Skip to main content</span></div></a>
<header class="navbar navbar-default navbar-fixed-top" id="top" role="banner">
<div class="container">
<div class="navbar-header">
<button class="navbar-toggle collapsed" type="button" data-toggle="collapse" data-target="#vertx-navbar-collapse">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a href="/" class="navbar-brand"><img alt="Security Guard Logo" src="images/logo-small.png"></a>
</div>
<nav class="collapse navbar-collapse" id="vertx-navbar-collapse">
<ul class="nav navbar-nav navbar-right">
<li><a href="index.htm">Download</a></li>
<li><a href="#comingsoon">Tutorial</a></li>
<li><a href="rules.htm">Rules</a></li>
</ul>
</nav>
</div>
</header>
<div class="index-header jumbotron jumbotron-ad hidden-print">
<div class="container">
<h2>Certificate Validation has been disabled</h2>
<a href="/rules.htm" class="btn-info btn-sm" role="button">Back to rules list</a>
</div>
</div>
<section id="rule" class="rule-single">
<div class="container highlight highlight-left">
<p>
Certificate Validation has been disabled. The communication could be intercepted.
</p>
<h3>Risk</h3>
<p>
Disabling certificate validation is often used to connect easily to a host that is not signed by a root
<a href="http://en.wikipedia.org/wiki/Certificate_authority">certificate authority</a>. As a consequence, this is vulnerable to
<a href="http://en.wikipedia.org/wiki/Man-in-the-middle_attack">Man-in-the-middle attacks</a>
since the client will trust any certificate.
</p>
<h3>Vulnerable Code</h3>
<pre>
ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
</pre>
<h3>Solution</h3>
Using sign certificate.
<!--
TODO
https://forums.asp.net/p/1957866/5588946.aspx#5593221
-->
<h3>References</h3>
<p>
<a href="http://projects.webappsec.org/w/page/13246945/Insufficient%20Transport%20Layer%20Protection">WASC-04: Insufficient Transport Layer Protection</a><br/>
<a href="http://cwe.mitre.org/data/definitions/295.html">CWE-295: Improper Certificate Validation</a>
</p>
</div>
</section>
<br/><br/>
<footer>
<div class="highlight-gray">
<div class="container footer text-center">
<p>.NET Security Guard is open source licensed under the <a href="https://www.gnu.org/licenses/lgpl-3.0.en.html">GNU Lesser General Public License 3.0 (LGPL)</a>.</p>
</div>
</div>
</footer>
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
<script src="js/bootstrap.min.js"></script>
<!-- Google Analytics -->
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-90570539-1', 'auto');
ga('send', 'pageview');
</script>
</body>
</html>