Insecure HTTP request via URLConnection
Description
Detected use of HttpURLConnection or URLConnection with an HTTP URL. HTTP does not encrypt traffic and can expose sensitive data to interception. To mitigate this issue, switch to HTTPS and ensure the server supports secure transport.
Examples
Insecure Code
java
URL url = new URL("http://example.com/api/data"); HttpURLConnection con = (HttpURLConnection) url.openConnection(); con.setRequestMethod("GET");Secure Code
java
URL url = new URL("https://example.com/api/data"); HttpURLConnection con = (HttpURLConnection) url.openConnection(); con.setRequestMethod("GET");Remediation
Switch to HTTPS and ensure the server supports secure transport.
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0507 |
| Category | InsecureConfig |
| Severity | MEDIUM |
| CWE | CWE-319 |
| Confidence | MEDIUM |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | insecure transport, http |
| OWASP | A3:2017-Sensitive Data Exposure, A02:2021-Cryptographic Failures |