| Details | |
|---|---|
| Alert ID | 200008 |
| Alert Type | Tool |
| Status | alpha |
| Risk | Low |
| CWE | 319 |
| WASC | |
| Technologies Targeted | All |
| Tags | CWE-319 OWASP_2021_A02 OWASP_2025_A04 TOOL_PTK |
Summary
Looks for common WebSocket endpoints and insecure patterns such as ws:// from HTTPS pages.
Generated by OWASP PTK DAST Module
Solution
Protect WebSocket endpoints like any other authenticated API.
- Use wss:// for all WebSocket connections, especially from HTTPS origins.
- Validate the Origin header and enforce authentication and authorisation on each connection.
- Avoid exposing sensitive operations over publicly reachable WebSocket endpoints.
Other Info
References
- https://owasp.org/Top10/2025/A04_2025-Cryptographic_Failures/
- https://cwe.mitre.org/data/definitions/319.html