Summary

The system should regularly check DNS names and sub-domain names in use by the application for expiration or change. This helps protect applications from the effects of sub-domain takeover attacks.

Description

The primary purpose behind this verification is to protect the application from sub-domain takeover attacks. Sub-domain takeover attacks typically involve an attacker registering a domain that was previously used by a third-party service but is no longer active. If the sub-domain's DNS records are not properly updated or removed, an attacker can take control of the sub-domain and eventually launch attacks, such as phishing or serving malicious content under the assumed trust of the legitimate domain.

Supported In

This requirement is verified in following services

References

• CWE™-350. Reliance on reverse DNS resolution for a security-critical action
• ISO/IEC 27002-8_20. Network controls
• C2M2-9_2_g. Implement network protections for cybersecurity architecture
• ISO/IEC 27001-8_20. Network controls
• Resolution SB 2021 2126-Art_30_6. Security in Electronic Channels - Digital Banking

Vulnerabilities

Free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.