
Insecure hostname validation check

Description

The application performs insecure hostname validation using easy-to-bypass methods such as startsWith or endsWith. An attacker can bypass such a check by registering a domain that matches the checked pattern.

Composite checks that combine startsWith and endsWith are equally insecure, since the attacker can still create a domain with arbitrary middle input that matches the checked pattern.

Recommendation

Hostname validation must use a whitelist approach that compares the full value of the hostname against the allowed entries, or use a secure regular expression that is anchored so it matches the full hostname.
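The following is an added example, not code from the original page: it places the insecure startsWith/endsWith checks described above beside a full-hostname whitelist check. The host names (api.example.com, example.com, attacker.test) are constructed sample values, and the hostname is taken from a parsed URL rather than from raw string matching.

```javascript
// Added example (not from the original page). Domain names are constructed samples.
const TRUSTED_HOST = "api.example.com";

// Normalise the host part of a URL: parse it properly (so "user@host" tricks do not
// fool the check), lower-case it and drop a trailing dot.
function hostnameOf(url) {
  const host = new URL(url).hostname.toLowerCase();
  return host.endsWith(".") ? host.slice(0, -1) : host;
}

// Insecure: a prefix check accepts "api.example.com.attacker.test".
function insecureStartsWith(url) {
  return hostnameOf(url).startsWith(TRUSTED_HOST);
}

// Insecure: a suffix check accepts "notexample.com".
function insecureEndsWith(url) {
  return hostnameOf(url).endsWith("example.com");
}

// Insecure: the composite check accepts "api.example-attacker.com" (arbitrary middle).
function insecureComposite(url) {
  const host = hostnameOf(url);
  return host.startsWith("api.example") && host.endsWith(".com");
}

// Secure: the full, normalised hostname must be in an explicit whitelist.
const ALLOWED_HOSTS = new Set(["api.example.com", "cdn.example.com"]);
function isAllowedHost(url) {
  return ALLOWED_HOSTS.has(hostnameOf(url));
}

// Secure variant when any subdomain of a trusted zone is acceptable: require the exact
// zone or a "." immediately before it (a label boundary), never a bare suffix match.
function isInTrustedZone(url, zone = "example.com") {
  const host = hostnameOf(url);
  return host === zone || host.endsWith("." + zone);
}
```

The subdomain variant is only appropriate when every name under the zone is under your control.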

Standards

  • OWASP_MASVS_L1:
    • MSTG_NETWORK_3
  • OWASP_MASVS_L2:
    • MSTG_NETWORK_3
  • CWE_TOP_25:
    • CWE_20
  • PCI_STANDARDS:
    • REQ_6_2
    • REQ_6_3
    • REQ_11_3