Http Serves Content Over Http

Description

This detector identifies when a web application serves content over the unencrypted HTTP protocol instead of secure HTTPS. HTTP connections transmit data in plain text, which leaves that data vulnerable to eavesdropping, man-in-the-middle attacks, and tampering by malicious actors who can intercept network traffic.

Weakness:

372 - Use of an insecure channel - HTTP

Category: Information Collection

Detection Strategy

    A vulnerability is reported when the target URL uses the HTTP protocol (scheme is 'http://').

    The detector triggers for any HTTP request made to the web application.

    No additional conditions are required: simply accessing content over HTTP is sufficient to flag this security issue.
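
The scheme check described above, run over a list of request URLs. This is an added example, not the detector's own code. The sample URLs are constructed, the function names are hypothetical, and grouping findings per origin is an assumption made here for readable output.

```python
from urllib.parse import urlsplit

WEAKNESS = "372 - Use of an insecure channel - HTTP"  # weakness label from this page

# Constructed sample of request URLs observed against an application.
SAMPLE_REQUESTS = [
    "http://app.example.test/login",
    "HTTP://APP.example.test:80/login?next=/home",  # scheme and host are case-insensitive
    "https://app.example.test/account",             # encrypted, not flagged
    "http://app.example.test:8080/api/v1/items",    # non-default port, separate origin
    "  http://static.example.test/logo.png",        # stray whitespace from a log export
    "ws://app.example.test/socket",                 # not HTTP, outside this detector
    "/relative/path",                               # no scheme, nothing to evaluate
]


def is_plain_http(url):
    """True when the URL scheme is http; urlsplit lowercases the scheme."""
    return urlsplit(url.strip()).scheme == "http"


def http_origin(url):
    """Normalise a plain-HTTP URL to scheme://host:port (port 80 if absent)."""
    parts = urlsplit(url.strip())
    return f"http://{parts.hostname}:{parts.port or 80}"


def detect(urls):
    """Return one finding per origin, listing every request that used HTTP."""
    findings = {}
    for url in urls:
        if not is_plain_http(url):
            continue
        finding = findings.setdefault(
            http_origin(url), {"weakness": WEAKNESS, "requests": []}
        )
        finding["requests"].append(url.strip())
    return findings


if __name__ == "__main__":
    for origin, finding in detect(SAMPLE_REQUESTS).items():
        print(f"{origin}: {finding['weakness']} ({len(finding['requests'])} request(s))")
```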