Protocol: SSL enforced

Identifier: frontend_ssl

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

Frontend applications that make requests over plain HTTP or unencrypted WebSocket connections expose data in transit. Anything sent before the connection is secured can be intercepted, potentially allowing attackers to steal or alter sensitive information in real time.

How we test: We analyze frontend code and network requests to detect whether the application makes requests over plain HTTP or unencrypted WebSocket connections. We check that all API calls and WebSocket connections use HTTPS/WSS and verify that secure connections are enforced from the start.
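A sketch of this kind of check over observed network requests, as an added example (not the scanner's own code). The function name, record shape and sample URLs are assumptions constructed for illustration.

```javascript
// Added example: flag frontend requests that leave the page in cleartext.
// Names and sample data are hypothetical, constructed for illustration.

const INSECURE_SCHEMES = new Set(["http:", "ws:"]);

// Resolve every request against the page URL first: relative ("/api/me") and
// protocol-relative ("//cdn...") URLs inherit the page's scheme, so the same
// frontend code is secure on an https page and insecure on an http page.
function findInsecureRequests(pageUrl, requests) {
  const findings = [];
  for (const req of requests) {
    let resolved;
    try {
      resolved = new URL(req.url, pageUrl);
    } catch {
      continue; // not a resolvable URL, nothing goes on the wire
    }
    if (!INSECURE_SCHEMES.has(resolved.protocol)) continue;
    findings.push({
      kind: req.kind,
      url: resolved.href,
      reason: resolved.protocol === "ws:" ? "unencrypted WebSocket" : "plain HTTP",
      // https page + cleartext request is mixed content
      mixedContent: new URL(pageUrl).protocol === "https:",
    });
  }
  return findings;
}

// Constructed sample of requests captured while loading a page.
const SAMPLE_REQUESTS = [
  { kind: "fetch", url: "/api/me" },
  { kind: "fetch", url: "http://api.example.test/v1/login" },
  { kind: "websocket", url: "ws://app.example.test/live" },
  { kind: "websocket", url: "wss://app.example.test/live" },
  { kind: "xhr", url: "//cdn.example.test/config.json" },
];

for (const f of findInsecureRequests("https://app.example.test/dashboard", SAMPLE_REQUESTS)) {
  console.log(`${f.reason}: ${f.kind} ${f.url}`);
}
```

Running the same sample against an `http://` page URL also flags the relative and protocol-relative requests, which is why the page's own scheme has to be part of the check.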

Configuration

Example

Example configuration:

---
security_tests:
  frontend_ssl:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.