Usage of insecure HTTP connection

Overview

Rule ID: javascript_lang_http_insecure
Applicable Languages: Javascriptscript
Weakness ID: CWE-319

Description

Your application is vulnerable when connecting to APIs via insecure HTTP connections. HTTP does not encrypt data, leaving it exposed to interception and tampering. Ensure your application uses HTTPS for all connections, as it encrypts data in transit and enhances security.

Remediation Guidelines

Avoid using HTTP for outgoing connections or API calls. This practice exposes your data to risks such as eavesdropping and tampering.
```
const response = axios.get('http://insecure-api.com') // unsafe
```
Ensure that all external connections, particularly API calls, utilize HTTPS to secure data in transit.
```
const response = axios.get('https://secure-api.com')
```

References

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL

PreviousUsage of Hard-Coded Secret NextUsage of insecure websocket connection

Last updated 3 months ago