Kingdom: Environment
This section includes everything that is outside of the source code but is still critical to the security of the product that is being created. Because the issues covered by this kingdom are not directly related to source code, we separated it from the rest of the kingdoms.
Information Discovery: WebSockets
Abstract
Thoroughly evaluate applications that use WebSockets for security weaknesses in sub-protocol implementation.
Explanation
Applications can send and receive data in raw format from WebSockets. However, most applications follow custom protocols. Security weaknesses in implementation of sub-protocols can lead to exploits.
desc.dynamic.xtended_preview.information_discovery_websockets