Usage of insecure websocket connection

Overview

Rule ID: javascript_lang_websocket_insecure
Applicable Languages: Javascript
Weakness ID: CWE-319

Description

Your application is vulnerable when connecting to APIs via insecure websocket connections. This risk arises because data transmitted over these connections can be intercepted or altered by attackers. Make sure all websocket connections in your application use SSL to encrypt data in transit, protecting it from unauthorized access.

Remediation Guidelines

Avoid starting websocket connections without SSL, as these connections are susceptible to interception and compromise.
```
const client = new WebSocket('ws://insecure-api.com'); // insecure
```
Ensure that all websocket connections are secured with SSL. This encrypts the transmitted data, safeguarding it from eavesdropping and tampering.
```
const client = new WebSocket('wss://secure-api.com');
```

References

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL

PreviousUsage of insecure HTTP connection NextUsage of insufficient random value

Last updated 1 year ago

hashtagOverview

hashtagDescription

hashtagRemediation Guidelines

hashtagReferences

hashtagConfiguration

Overview

Description

Remediation Guidelines

References

Configuration