You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -63,8 +63,8 @@ Note: Due to issues with XXE attacks against DTDs, DTD validation should not be
| :---: | :--- | :---: | :---: | :---: | :---: |
|**13.5.1**|[ADDED] Verify that WebSocket Secure (wss) is used for all WebSocket connections. | ✓ | ✓ | ✓ | 319 |
|**13.5.2**|[ADDED] Verify that, during the initial HTTP WebSocket handshake, the Origin header is checked against a list of origins allowed for the application. | ✓ | ✓ | ✓ | 346 |
|**13.5.3**|[ADDED] Verify that, if the application's standard session management cannot be used, dedicated tokens are being used for this which comply with the relevant Session Management security requirments. | ✓ | ✓ | ✓ | 331 |
|**13.5.4**|[ADDED]Verify that the dedicated WebSocket session management tokens are initially obtained from a response to secure POST request only, and are not sent by the server through the WebSocket connection. | ✓ | ✓ | ✓ | 319 |
|**13.5.3**|[ADDED] Verify that, if the application's standard session management cannot be used, dedicated tokens are being used for this which comply with the relevant Session Management security requirements. | ✓ | ✓ | ✓ | 331 |
|**13.5.4**|[ADDED]When transitioning an existing HTTPS session to a WebSocket channel, verify that the dedicated WebSocket session management tokens are initially obtained or validated through the previously authenticated HTTPS session. | ✓ | ✓ | ✓ | 319 |
