Usage of insecure HTTP connection
Last updated
Last updated
Rule ID: javascript_lang_http_insecure
Applicable Languages: Javascriptscript
Weakness ID: CWE-319
Your application is vulnerable when connecting to APIs via insecure HTTP connections. HTTP does not encrypt data, leaving it exposed to interception and tampering. Ensure your application uses HTTPS for all connections, as it encrypts data in transit and enhances security.
Avoid using HTTP for outgoing connections or API calls. This practice exposes your data to risks such as eavesdropping and tampering.
Ensure that all external connections, particularly API calls, utilize HTTPS to secure data in transit.
To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our