
Protocol: Insecure WebSocket Connection

Identifier: frontend_insecure_websocket

Scanner(s) Support

GraphQL Scanner
REST Scanner
WebApp Scanner
ASM Scanner

Description

If a frontend application opens WebSocket connections over plain ws:// instead of wss://, the socket traffic is sent in cleartext. Anyone on the network path can read or modify it, which can expose application data and session tokens carried over the socket, or let an attacker inject or replay messages. Browsers already block ws:// connections initiated from https:// pages as mixed content, so a hardcoded ws:// URL usually means the page itself is served over plain HTTP or the socket scheme is derived incorrectly; in both cases the fix is to connect over wss:// only.

How we test: We analyze the frontend code and the WebSocket connection attempts it makes to detect connections established over the unencrypted ws:// scheme instead of wss://. Connections using ws:// are reported as vulnerable to man-in-the-middle attacks.
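The static part of the check described above can be reproduced with a few lines of JavaScript. The following is an added example written for this page, not the scanner's own code: it scans a constructed frontend snippet for `new WebSocket(...)` calls, resolves each URL against the page URL the way a browser would (a relative URL inherits the page's scheme, so "/events" on an https:// page becomes wss://), flags the cleartext ones, and produces the wss:// form a fix should use. The function names, the sample source and the page URL are assumptions.

```javascript
// Added example for this page (not the scanner's own code): scan frontend
// source for WebSocket endpoints, flag cleartext ws:// ones, and produce the
// wss:// form a fix should use. Names and the sample source are assumptions.

// Constructed sample frontend source mixing secure and insecure endpoints.
const SAMPLE_FRONTEND_SOURCE = `
const feed   = new WebSocket("ws://api.example.test/feed");
const chat   = new WebSocket("wss://chat.example.test/socket");
const notify = new WebSocket('ws://localhost:8080/dev');
const events = new WebSocket("/events"); // relative: inherits the page scheme
`;

// Matches new WebSocket("...") or new WebSocket('...') and captures the URL.
// Dynamically built URLs (template strings, variables) are not matched here;
// those are only visible by observing the connection attempts at runtime.
const WS_CTOR = /new\s+WebSocket\s*\(\s*(["'])([^"']+)\1/g;

// True when a WebSocket opened with rawUrl from a page at pageUrl would be
// cleartext. The URL is resolved against the page so relative paths take the
// page's scheme; browsers map http: to ws: and https: to wss:.
function isInsecureWebSocketUrl(rawUrl, pageUrl) {
  const url = new URL(rawUrl, pageUrl); // throws TypeError on an unparsable URL
  return url.protocol === "ws:" || url.protocol === "http:";
}

// Rewrites a cleartext endpoint to wss://, keeping host, port and path as
// written. Already-secure URLs are returned resolved but otherwise unchanged.
function secureWebSocketUrl(rawUrl, pageUrl) {
  const url = new URL(rawUrl, pageUrl);
  if (!isInsecureWebSocketUrl(rawUrl, pageUrl)) return url.href;
  return "wss:" + url.href.slice(url.protocol.length);
}

// Static check: one finding per cleartext WebSocket constructor in the source,
// each paired with the URL the code should use instead.
function findInsecureWebSockets(source, pageUrl) {
  const findings = [];
  for (const match of source.matchAll(WS_CTOR)) {
    const rawUrl = match[2];
    if (isInsecureWebSocketUrl(rawUrl, pageUrl)) {
      findings.push({ url: rawUrl, fix: secureWebSocketUrl(rawUrl, pageUrl) });
    }
  }
  return findings;
}

// Run the check against the constructed sample as if the page were served
// over HTTPS (two findings) and over plain HTTP (three: the relative URL too).
console.log(JSON.stringify(findInsecureWebSockets(SAMPLE_FRONTEND_SOURCE, "https://app.example.test/"), null, 2));
console.log(JSON.stringify(findInsecureWebSockets(SAMPLE_FRONTEND_SOURCE, "http://app.example.test/"), null, 2));
```

Run it with `node` and compare the two outputs: the relative "/events" endpoint is only reported when the page itself is served over HTTP, which is the mixed-content case the description refers to. A real scan combines this static pass with observation of the connections the page actually opens, because URLs assembled at runtime never appear as string literals.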

Configuration

Example

Example configuration:

---
security_tests:
  frontend_insecure_websocket:
    skip: false

Reference

skip

Type : boolean

Skip the test if true.