Details
Alert Id 10042
Alert Type Passive Scan Rule
Status beta
Risk
CWE
WASC

Summary

This check identifies pages served over HTTPS that host forms which submit to an insecure HTTP URL. The issue is that the secure page transitions to an insecure one when data is uploaded through the form. The user may think they are submitting data to a secure page when in fact they are not.
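The check described above can be sketched as follows. This is an added example, not the ZAP rule's own code. The function name, the `shop.example` URLs and the sample HTML are assumptions made for illustration, and resolving relative actions against `<base href>` goes beyond what the summary states.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormCollector(HTMLParser):
    """Collects the first <base href> (if any) and every <form> action/method."""

    def __init__(self):
        super().__init__()
        self.base_href = None
        self.forms = []  # list of (action, method)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base" and self.base_href is None and a.get("href"):
            self.base_href = a["href"]
        elif tag == "form":
            self.forms.append((a.get("action") or "", (a.get("method") or "get").lower()))


def insecure_form_targets(page_url, html):
    """Return [(resolved_action, method)] for forms on an HTTPS page that submit over HTTP."""
    if urlsplit(page_url).scheme.lower() != "https":
        return []  # the check only concerns pages that were served securely
    collector = _FormCollector()
    collector.feed(html)
    # Relative actions resolve against <base href> when present, else the page URL.
    base = urljoin(page_url, collector.base_href) if collector.base_href else page_url
    findings = []
    for action, method in collector.forms:
        target = urljoin(base, action.strip())
        if urlsplit(target).scheme.lower() == "http":
            findings.append((target, method))
    return findings


# Constructed sample response body for https://shop.example/account
SAMPLE_HTML = """
<form action="http://shop.example/login" method="post"><input name="pw" type="password"></form>
<form action="/search"><input name="q"></form>
<form action="//shop.example/newsletter" method="post"><input name="email"></form>
"""

if __name__ == "__main__":
    for target, method in insecure_form_targets("https://shop.example/account", SAMPLE_HTML):
        print(f"{method.upper()} form submits to insecure target: {target}")
```

Only the first form in the sample is reported: the relative and scheme-relative actions inherit `https` from the page URL.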

Solution

Ensure sensitive data is only sent over secured HTTPS channels.

References

Code

org/zaproxy/zap/extension/pscanrulesBeta/InsecureFormPostScanRule.java