Update MASWE-0052 draft (#2864)

* Update MASWE-0052 draft * Update weaknesses/MASVS-NETWORK/MASWE-0052.md
OWASP · Aug 5, 2024 · fdf95bf · fdf95bf
1 parent 7b03a5e
commit fdf95bf
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/weaknesses/MASVS-NETWORK/MASWE-0052.md b/weaknesses/MASVS-NETWORK/MASWE-0052.md
@@ -9,6 +9,15 @@ mappings:
   masvs-v2: [MASVS-NETWORK-1]
   cwe: [295]
 
+refs:
+  - https://developer.android.com/privacy-and-security/risks/unsafe-trustmanager
+  - https://developer.android.com/privacy-and-security/risks/unsafe-hostname
+  - https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf#page=17
+  - https://developer.android.com/privacy-and-security/security-ssl#tls-1.3-enabled-by-default
+  - https://support.google.com/faqs/answer/7071387?hl=en
+  - https://developer.android.com/reference/android/webkit/WebViewClient.html?sjid=15211564825735678155-EU#onReceivedSslError(android.webkit.WebView,%20android.webkit.SslErrorHandler,%20android.net.http.SslError)
+  - https://developer.android.com/privacy-and-security/security-ssl#WarningsSslSocket
+  - https://wiki.sei.cmu.edu/confluence/display/java/MSC00-J.+Use+SSLSocket+rather+than+Socket+for+secure+data+exchange
 draft:
   description: e.g. not checking the certificate chain, not checking the hostname,
     not checking the validity period, not checking the revocation status, etc. The