Details
Alert Id 10042
Alert Type Passive
Status release
Risk
CWE
WASC
Technologies Targeted All
Tags OWASP_2017_A06, OWASP_2021_A02, WSTG-V42-CRYP-03

Summary

This check identifies pages served over secure HTTPS that host forms which submit over insecure HTTP. The page itself is secure, but it transitions to an insecure page when data is uploaded through the form. The user may think they’re submitting data to a secure page when in fact they are not.

Solution

Ensure sensitive data is only sent over secured HTTPS channels.
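
The following is an added example, not the ZAP scan rule's own code: a small checker that takes a page URL and its HTML and reports form targets that drop from HTTPS to HTTP. Resolving relative actions against the page URL and any `<base href>` goes beyond what this page states and is an assumption about browser behaviour; the host names and sample markup are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormCollector(HTMLParser):
    """Collects the first <base href> and every <form> action, in order."""
    def __init__(self):
        super().__init__()
        self.base_href = None
        self.actions = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and self.base_href is None and attrs.get("href"):
            self.base_href = attrs["href"]
        elif tag == "form":
            # Valueless or missing action attributes are recorded as "".
            self.actions.append((attrs.get("action") or "").strip())


def insecure_form_posts(page_url, html):
    """Return resolved form targets that leave HTTPS for plain HTTP."""
    if urlsplit(page_url).scheme.lower() != "https":
        return []  # the check only concerns pages served over HTTPS
    collector = _FormCollector()
    collector.feed(html)
    # Relative actions resolve against <base href> when one is present.
    base = urljoin(page_url, collector.base_href or "")
    # An empty action submits back to the page's own URL, not the base URL.
    targets = (urljoin(base, a) if a else page_url for a in collector.actions)
    return [t for t in targets if urlsplit(t).scheme.lower() == "http"]


# Constructed sample response body for https://shop.example/login
SAMPLE = """
<form action="http://shop.example/session" method="post"></form>
<form action="/search" method="get"></form>
<form action="//cdn.example/upload" method="post"></form>
<form action="https://shop.example/session" method="post"></form>
<form method="post"></form>
"""

if __name__ == "__main__":
    for hit in insecure_form_posts("https://shop.example/login", SAMPLE):
        print("insecure form target:", hit)
```

Only the first form in the sample is reported; the relative, scheme-relative, HTTPS and action-less forms all stay on HTTPS and match the fix described under Solution.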

Other Info

References

Code

org/zaproxy/zap/extension/pscanrules/InsecureFormPostScanRule.java