Security Test: Frontend SSL enforced
Description
Default Severity:
When a connection is allowed to start over plain HTTP instead of being forced onto HTTPS from the first request, there is a window in which an attacker on the network path can read and potentially modify traffic before the connection becomes encrypted. Sensitive information can be exposed or tampered with during that window, leading to data misuse, loss of trust, and even ranking penalties from search engines. Many developers mistakenly rely on measures that only secure the connection after it has already been established, which leaves that initial hop open to man-in-the-middle attacks. The key takeaway is that every connection must be encrypted from the start.
Reference:
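The following is an added example, not the scanner's own implementation of this check. It shows how a defender can evaluate whether a frontend forces HTTPS from the very first request: the response to a cleartext request must be a redirect to an `https://` URL on the same host, and the HTTPS response should carry a Strict-Transport-Security header so that returning clients never make the cleartext hop again. The function names, the constructed sample responses, the `HSTS_MIN_MAX_AGE` threshold and the pass/warn rules are assumptions made for illustration.

```python
"""Offline evaluation of whether a frontend enforces SSL/TLS from the first hop.

Added example for the "Frontend SSL enforced" check; not code from the page or
the scanner. Function names, thresholds and sample responses are assumptions.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Assumed policy values for this illustration (not taken from the check page).
HSTS_MIN_MAX_AGE = 31536000          # one year, a common recommendation
PERMANENT_REDIRECTS = {301, 308}
TEMPORARY_REDIRECTS = {302, 307}


@dataclass
class Finding:
    errors: List[str] = field(default_factory=list)    # SSL is not enforced
    warnings: List[str] = field(default_factory=list)  # weaknesses that do not fail the test

    @property
    def passed(self) -> bool:
        return not self.errors


def get_header(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup (HTTP header names are case-insensitive)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def evaluate_plain_http_response(host: str, status: int, headers: Dict[str, str]) -> Finding:
    """Judge the response a frontend gives to a cleartext request for http://host/.

    Enforced means the first response is already a redirect to https:// on the
    same host. Serving content (200) over cleartext, or redirecting to an
    http:// URL, leaves the initial hop unencrypted.
    """
    finding = Finding()
    if status not in PERMANENT_REDIRECTS | TEMPORARY_REDIRECTS:
        finding.errors.append(
            f"cleartext request for http://{host}/ answered with HTTP {status} instead of a redirect")
        return finding
    location = get_header(headers, "Location")
    if location is None:
        finding.errors.append("redirect response carries no Location header")
        return finding
    target = urlsplit(location)
    if target.scheme.lower() != "https":
        finding.errors.append(f"redirect target {location!r} is not an https:// URL")
    elif target.hostname and target.hostname.lower() != host.lower():
        finding.warnings.append(
            f"redirect moves to {target.hostname}; verify that {host} itself never serves cleartext content")
    if status in TEMPORARY_REDIRECTS:
        finding.warnings.append(
            f"HTTP {status} is a temporary redirect; 301 or 308 lets clients cache the upgrade")
    return finding


def parse_hsts(header_value: Optional[str]) -> Tuple[Optional[int], bool]:
    """Return (max_age, include_subdomains) parsed from a Strict-Transport-Security value."""
    if not header_value:
        return None, False
    max_age: Optional[int] = None
    include_sub = False
    for directive in header_value.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            try:
                max_age = int(value.strip().strip('"'))
            except ValueError:
                return None, False  # malformed max-age: treat as no HSTS
        elif name == "includesubdomains":
            include_sub = True
    return max_age, include_sub


def evaluate_https_response(headers: Dict[str, str]) -> Finding:
    """Check that the HTTPS response pins future connections to TLS via HSTS."""
    finding = Finding()
    max_age, include_sub = parse_hsts(get_header(headers, "Strict-Transport-Security"))
    if max_age is None:
        finding.errors.append(
            "HTTPS response has no valid Strict-Transport-Security header; "
            "returning clients will start over cleartext again")
        return finding
    if max_age < HSTS_MIN_MAX_AGE:
        finding.warnings.append(f"HSTS max-age {max_age} is below the assumed minimum {HSTS_MIN_MAX_AGE}")
    if not include_sub:
        finding.warnings.append("HSTS does not set includeSubDomains")
    return finding


# Constructed sample responses for a hypothetical host; not captured traffic.
SAMPLE_HOST = "shop.example.test"
SAMPLE_PLAIN_HTTP_RESPONSES = {
    "enforced": (301, {"Location": f"https://{SAMPLE_HOST}/"}),
    "serves_cleartext": (200, {"Content-Type": "text/html"}),
    "redirects_to_http": (301, {"location": f"http://www.{SAMPLE_HOST}/"}),
    "temporary_redirect": (302, {"Location": f"https://{SAMPLE_HOST}/login"}),
}

if __name__ == "__main__":
    for label, (status, headers) in SAMPLE_PLAIN_HTTP_RESPONSES.items():
        result = evaluate_plain_http_response(SAMPLE_HOST, status, headers)
        print(f"{label}: {'PASS' if result.passed else 'FAIL'} {result.errors} {result.warnings}")
```

In a live check the two functions are fed the real responses: the first with the status and headers returned for `http://host/` (with redirects not followed), the second with the headers of the `https://host/` response. Splitting the verdict into errors and warnings keeps the test focused on the cleartext first hop while still surfacing weaker configurations such as temporary redirects or short HSTS lifetimes.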
Configuration
Identifier:
frontend_protocol/ssl
Examples
All configuration available:
Compliance and Standards

| Standard | Value |
|---|---|
| OWASP API Top 10 | API2:2023 |
| OWASP LLM Top 10 | LLM06:2023 |
| PCI DSS | 4.1 |
| GDPR | Article-32 |
| SOC2 | CC1 |
| PSD2 | Article-95 |
| ISO 27001 | A.14.1 |
| NIST | SP800-53 |
| FedRAMP | AC-17 |
| CWE | 319 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C |
| CVSS Score | 7.2 |