# SSL/TLS Certificate Validation Disabled

- ID: python-certificate-validation-bypass
- Severity: HIGH
- CWE: Improper Certificate Validation (CWE-295)
- Languages: Python

## Description

Detects disabled SSL/TLS certificate validation. Disabling certificate validation makes connections vulnerable to man-in-the-middle attacks.

## Remediation

Keep SSL certificate verification enabled (default behavior).

```python
import requests

# Certificate verification is enabled by default
response = requests.get('https://api.example.com')

# For custom CA certificates
response = requests.get('https://api.example.com', verify='/path/to/ca-bundle.crt')
```

Learn more: https://shoulder.dev/learn/python/cwe-295/certificate-validation-bypass

## Related Rules

- **Insecure TLS/SSL Configuration** [HIGH]
- **SSL/TLS Certificate Verification Disabled** [HIGH]