Use of HTTP instead of HTTPS
Description
HTTP GET request detected using HttpGet with a non-secure HTTP URL. Transmitting data over HTTP is insecure as it does not provide encryption, potentially exposing sensitive information to interception or tampering. Use HTTPS instead to ensure confidentiality and integrity of the communication.
Examples
Insecure Code
```java
HttpGet httpGet = new HttpGet("http://example.com");
```
Secure Code
```java
HttpGet httpGet = new HttpGet("https://example.com");
```
Remediation
Replace HTTP with HTTPS in the URL used for the HttpGet request.
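When the URL handed to HttpGet comes from configuration or another variable rather than a string literal, the scheme can also be enforced at runtime before the request object is built. The following is an added example, not code from the rule or from the HttpGet library; the class `HttpsOnly` and the method `requireHttps` are hypothetical names, and the sample URLs are constructed.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Objects;

// Added example: hypothetical helper, not part of the rule or of any HTTP client library.
public final class HttpsOnly {
    private HttpsOnly() {}

    /** Parses url and returns it only if its scheme is https; otherwise throws. */
    public static URI requireHttps(String url) {
        Objects.requireNonNull(url, "url");
        final URI uri;
        try {
            uri = new URI(url.trim());
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("Malformed URL: " + url, e);
        }
        // URI schemes are case-insensitive, so "HTTP://" must be rejected as well.
        String scheme = uri.getScheme();
        if (scheme == null || !scheme.equalsIgnoreCase("https")) {
            throw new IllegalArgumentException("Refusing non-HTTPS URL (scheme=" + scheme + ")");
        }
        // Reject host-less values such as "https:foo" that would not name a server.
        if (uri.getHost() == null) {
            throw new IllegalArgumentException("URL has no host");
        }
        return uri;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one valid, three that must be rejected.
        String[] samples = {
            "https://example.com/api",
            "http://example.com/api",
            "HTTP://example.com/api",
            "example.com/api",
        };
        for (String s : samples) {
            try {
                URI ok = requireHttps(s);
                // With the HTTP client on the classpath: HttpGet httpGet = new HttpGet(ok);
                System.out.println("accepted " + ok);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected " + s + ": " + e.getMessage());
            }
        }
    }
}
```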
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0229 |
| Category | Crypto |
| Severity | MEDIUM |
| CWE | CWE-319 |
| Confidence | MEDIUM |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | insecure transport, sensitive data exposure |
| OWASP | A3:2017-Sensitive Data Exposure, A02:2021-Cryptographic Failures |
References
- https://example.com
- https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html
- https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/net/URLConnection.html