AWS HTTP Not Redirected to HTTPS
Description
Detects Application Load Balancers (ALBs) that have HTTP listeners which aren't properly redirecting traffic to HTTPS. This represents a security risk since unencrypted HTTP traffic could be intercepted, potentially exposing sensitive data in transit.
Detection Strategy
• Identifies Application Load Balancers with HTTP listeners (port 80)
• Reports a vulnerability if an HTTP listener has no redirection configuration set up
• Reports a vulnerability if an HTTP listener redirects to another HTTP endpoint instead of HTTPS
• Only evaluates Application Load Balancer type (ignores Network and Gateway load balancers)
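The checks listed above can be sketched as follows. This is an added example, not the scanner's own code: the function and helper names are hypothetical, and the input is constructed data shaped like ELBv2 `DescribeLoadBalancers` and `DescribeListeners` responses. It assumes a redirect whose protocol is `#{protocol}` (the API default, which keeps the incoming protocol) counts as a redirect to HTTP.

```python
def find_unredirected_http_listeners(load_balancers, listeners_by_lb):
    """Return (lb_arn, port, reason) for every HTTP listener that fails the check."""
    findings = []
    for lb in load_balancers:
        if lb.get("Type") != "application":  # Network and Gateway LBs are ignored
            continue
        arn = lb["LoadBalancerArn"]
        for listener in listeners_by_lb.get(arn, []):
            if listener.get("Protocol") != "HTTP":
                continue
            port = listener.get("Port")
            redirects = [a.get("RedirectConfig", {})
                         for a in listener.get("DefaultActions", [])
                         if a.get("Type") == "redirect"]
            if not redirects:
                findings.append((arn, port, "no redirect configured"))
            for cfg in redirects:
                # "#{protocol}" (the API default) keeps the incoming protocol: HTTP.
                target = cfg.get("Protocol", "#{protocol}")
                if target != "HTTPS":
                    findings.append((arn, port, "redirects to " + target))
    return findings


def _listener(protocol, port, action):
    return {"Protocol": protocol, "Port": port, "DefaultActions": [action]}


# Constructed sample data (placeholder ARNs, not real resources).
SAMPLE_LBS = [
    {"LoadBalancerArn": "arn:example:alb-ok", "Type": "application"},
    {"LoadBalancerArn": "arn:example:alb-forward", "Type": "application"},
    {"LoadBalancerArn": "arn:example:alb-keep-http", "Type": "application"},
    {"LoadBalancerArn": "arn:example:nlb", "Type": "network"},
]
SAMPLE_LISTENERS = {
    "arn:example:alb-ok": [_listener("HTTP", 80, {
        "Type": "redirect",
        "RedirectConfig": {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}})],
    "arn:example:alb-forward": [_listener("HTTP", 80, {"Type": "forward"})],
    "arn:example:alb-keep-http": [_listener("HTTP", 80, {
        "Type": "redirect",
        "RedirectConfig": {"Protocol": "#{protocol}", "Port": "8080", "StatusCode": "HTTP_302"}})],
    "arn:example:nlb": [_listener("TCP", 80, {"Type": "forward"})],
}

if __name__ == "__main__":
    for finding in find_unredirected_http_listeners(SAMPLE_LBS, SAMPLE_LISTENERS):
        print(finding)
```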