Protocol: SSL Certificate

Identifier: ssl_certificate

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

Certificates fail when they are misconfigured, expired, or use weak encryption, which leaves the secure link you trust open to interception or manipulation. If a certificate isn't set up correctly, attackers might trick users into thinking they're connected to a safe server when they're not, potentially stealing sensitive data or injecting malicious content. Developers often overlook details such as proper certificate validation, keeping up with encryption best practices, or updating protocols, leaving applications open to man-in-the-middle attacks and data breaches.
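The Python sketch below is an added illustration, not code from this scanner or its documentation. It audits the three things the description names: disabled certificate validation, outdated protocol versions, and an expired or soon-to-expire certificate. The function names and the sample certificate are assumptions constructed for the example.

```python
import ssl
from datetime import datetime, timezone


def audit_client_context(ctx):
    """Return findings for client settings that defeat certificate validation."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain verification disabled")
    if not ctx.check_hostname:
        findings.append("hostname check disabled")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocols older than TLS 1.2 allowed")
    return findings


def audit_validity(cert, now, warn_days=30):
    """Check the validity window of a dict shaped like SSLSocket.getpeercert()."""
    def parse(field):
        return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert[field]), timezone.utc)

    not_before, not_after = parse("notBefore"), parse("notAfter")
    if now < not_before:
        return ["not yet valid"]
    if now > not_after:
        return ["expired"]
    days_left = (not_after - now).days
    return [f"expires in {days_left} days"] if days_left < warn_days else []


def hardened_context():
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def weak_context():
    # The misconfiguration the description warns about: validation switched off.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


# Constructed sample, not taken from a real server.
SAMPLE_CERT = {"notBefore": "Jan  1 00:00:00 2024 GMT", "notAfter": "Jan  1 00:00:00 2025 GMT"}

if __name__ == "__main__":
    print(audit_client_context(weak_context()))
    print(audit_validity(SAMPLE_CERT, datetime.now(timezone.utc)))
```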

Configuration

Example

Example configuration:

---
security_tests:
  ssl_certificate:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.