Hello, I am hoping that others out there have a little more experience with enabling websockets on an app. We currently offer a widely used application that is served over HTTPS. The developers have decided that they want to use websockets for a sort of keepalive/idle check on users' sessions. From an infrastructure standpoint, is there anything that we should be looking for or testing before going live? Also, from a dev standpoint, what are some things that we can do in code to make sure this connection is going to be secure?
I know that there are some tests in Burp Suite for websockets, such as MITM and XSS tests, but I'm sure there are other things to look at. Thank you, and please let me know if more detail on our environment would be helpful.
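As an added example (not code from the original question or from the poster's application): the checks a server should run on the HTTP upgrade request before it accepts a WebSocket, since the cookie-authenticated session and the cross-origin behaviour of browsers are what make a keepalive socket risky. Browsers send the session cookie on the upgrade automatically, so a page on another site can open a socket to your app unless the server verifies the `Origin` header itself (cross-site WebSocket hijacking); the Sec-WebSocket-Accept value is computed as RFC 6455 specifies. The cookie name `session`, the `valid_sessions` store, the `allowed_origins` list and the `tls` flag (meaning the upgrade arrived over wss://, or over TLS terminated in front of the app) are assumptions for illustration.

```python
"""Validate a WebSocket upgrade request before accepting it (illustrative example)."""
import base64
import hashlib
import hmac
from dataclasses import dataclass
from typing import Iterable, Mapping, Optional

# Fixed GUID from RFC 6455 section 4.2.2, used to derive Sec-WebSocket-Accept.
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"


@dataclass
class Decision:
    accepted: bool
    reason: str
    accept_key: Optional[str] = None   # value for the Sec-WebSocket-Accept header
    session_id: Optional[str] = None   # session bound to the socket for later idle checks


def accept_key_for(client_key: str) -> str:
    """Sec-WebSocket-Accept = base64(SHA-1(client key + GUID)), per RFC 6455."""
    digest = hashlib.sha1((client_key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def parse_cookies(header: str) -> dict:
    """Minimal Cookie header parser: 'a=1; b=2' -> {'a': '1', 'b': '2'}."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            cookies[name] = value
    return cookies


def check_upgrade(headers: Mapping[str, str], allowed_origins: Iterable[str],
                  valid_sessions: Iterable[str], tls: bool) -> Decision:
    """Return a Decision for an HTTP upgrade request; reject on the first failed check."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive

    # 1. Never accept plaintext ws://; the socket carries the same session as the HTTPS app.
    if not tls:
        return Decision(False, "upgrade must arrive over TLS (wss://)")

    # 2. Basic protocol sanity: this must really be a WebSocket upgrade for version 13.
    if h.get("upgrade", "").lower() != "websocket" or "upgrade" not in h.get("connection", "").lower():
        return Decision(False, "not a WebSocket upgrade request")
    if h.get("sec-websocket-version") != "13":
        return Decision(False, "unsupported Sec-WebSocket-Version")

    # 3. The client key must be 16 random bytes, base64-encoded (24 characters).
    key = h.get("sec-websocket-key", "")
    try:
        if len(base64.b64decode(key, validate=True)) != 16:
            raise ValueError("wrong length")
    except ValueError:
        return Decision(False, "malformed Sec-WebSocket-Key")

    # 4. Origin allowlist: the server-side defence against cross-site WebSocket hijacking.
    #    Browsers always send Origin on upgrades, so a missing or foreign value is rejected.
    origin = h.get("origin")
    if origin is None or origin not in set(allowed_origins):
        return Decision(False, f"origin not allowed: {origin!r}")

    # 5. Authenticate the upgrade exactly like any other request: the session cookie must be
    #    a live session. compare_digest avoids leaking which prefix of the id matched.
    sid = parse_cookies(h.get("cookie", "")).get("session")
    if sid is None or not any(hmac.compare_digest(sid, s) for s in valid_sessions):
        return Decision(False, "no valid session cookie on upgrade")

    return Decision(True, "ok", accept_key=accept_key_for(key), session_id=sid)


# Constructed sample request (not captured traffic); the key is the one used in RFC 6455's example.
SAMPLE_HEADERS = {
    "Host": "app.example.com",
    "Upgrade": "websocket",
    "Connection": "Upgrade",
    "Sec-WebSocket-Key": "dGhlIHNhbXBsZSBub25jZQ==",
    "Sec-WebSocket-Version": "13",
    "Origin": "https://app.example.com",
    "Cookie": "theme=dark; session=abc123",
}
ALLOWED_ORIGINS = ["https://app.example.com"]
VALID_SESSIONS = ["abc123"]

if __name__ == "__main__":
    print(check_upgrade(SAMPLE_HEADERS, ALLOWED_ORIGINS, VALID_SESSIONS, tls=True))
    evil = dict(SAMPLE_HEADERS, Origin="https://attacker.example")
    print(check_upgrade(evil, ALLOWED_ORIGINS, VALID_SESSIONS, tls=True))
```

Binding `session_id` to the socket at upgrade time is what makes the keepalive/idle check meaningful: when the session is invalidated server-side, close the socket too, and treat socket pings as liveness of the connection, not as proof the user is present. Burp's MITM and XSS checks still apply to the frames themselves, so any data received on the socket needs the same output encoding as data received over HTTPS.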