---
title: Validate TLS Certificates
impact: HIGH
impactDescription: prevents Man-in-the-Middle (MitM) attacks by ensuring server authenticity
tags: security, tls, mitm, authentication
---

## Validate TLS Certificates

When making outbound HTTPS requests, always verify the server's certificate. Avoid disabling verification.

**Incorrect (disabled verification):**

```ruby
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE # Extremely Dangerous
```

**Correct (verified):**

```ruby
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_PEER # Standard and Secure
```

**Tools:** Brakeman, RuboCop
---