Details
Alert Id 10041
Alert Type Passive Scan Rule
Status beta
Risk
CWE
WASC

Summary

This check looks for pages served over insecure HTTP that host forms submitting to HTTPS. Because the HTTP page itself can be tampered with by a man-in-the-middle (MITM) attacker, the HTTPS form it hosts can be replaced or spoofed, so the protection the form's HTTPS action appears to offer is not actually guaranteed.
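The detection logic described above, written out as an added Python example (not ZAP's own Java implementation): the page URL and HTML are constructed sample input, and the rule fires only when the page was fetched over plain HTTP and at least one form resolves to an HTTPS action.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormActionCollector(HTMLParser):
    """Collect the action attribute of every <form> element in a document."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            attr = dict(attrs)
            # A form with no action submits back to the page's own URL.
            self.actions.append(attr.get("action") or "")


def find_insecure_form_loads(page_url, html):
    """Return the HTTPS form actions hosted on a page that was served over HTTP.

    Passive check in the spirit of ZAP's 'Insecure HTTP Page Hosting HTTPS Form'
    rule (reimplemented here, not ZAP's code): only the response body and the
    request URL are inspected, nothing is sent to the site.
    """
    if urlsplit(page_url).scheme.lower() != "http":
        return []  # page itself is already HTTPS (or not HTTP at all)
    parser = _FormActionCollector()
    parser.feed(html)
    findings = []
    for action in parser.actions:
        # Resolve relative actions against the page URL, so "/auth" and
        # "//host/auth" inherit the page's (insecure) scheme and are not flagged.
        target = urljoin(page_url, action)
        if urlsplit(target).scheme.lower() == "https":
            findings.append(target)
    return findings


# Constructed sample page: an HTTP login page hosting one HTTPS form and two
# forms that stay on HTTP.
SAMPLE_PAGE_URL = "http://example.test/login"
SAMPLE_HTML = """
<html><body>
  <form method="post" action="https://example.test/auth">
    <input name="user"><input name="pass" type="password">
  </form>
  <form method="get" action="/search"><input name="q"></form>
  <form method="post"><input name="newsletter"></form>
</body></html>
"""

if __name__ == "__main__":
    for hit in find_insecure_form_loads(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(f"Insecure HTTP page {SAMPLE_PAGE_URL} hosts HTTPS form: {hit}")
```

Running it against the constructed page reports the single form posting to `https://example.test/auth`; serving the same page over HTTPS instead produces no finding, which is the fix the Solution section recommends.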

Solution

Use HTTPS for landing pages that host secure forms.

References

Code

org/zaproxy/zap/extension/pscanrulesBeta/InsecureFormLoadScanRule.java