Protocol: SSL enforced

Identifier: ssl

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

API routes that accept plain HTTP expose data to interception before any secure connection is established, potentially allowing attackers to steal or alter sensitive information in real time.

How we test: We analyze API endpoints and network requests to detect if routes allow plain HTTP connections. We check if HTTPS is enforced from the start and verify if secure connections are properly configured to prevent man-in-the-middle attacks.
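An added example, not the scanner's own logic: one way to classify how a route answered a plain-HTTP request, and to tell a bare HTTPS redirect from one backed by HSTS. The observation fields, verdict strings and sample data are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed observations: status/headers seen when requesting each route over
# plain HTTP (status None = connection refused), plus the HTTPS response headers.
SAMPLES = [
    {"route": "/v1/login", "http_status": 200, "http_headers": {}, "https_headers": {}},
    {"route": "/v1/users", "http_status": 301,
     "http_headers": {"Location": "https://api.example.test/v1/users"},
     "https_headers": {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}},
    {"route": "/v1/orders", "http_status": 308,
     "http_headers": {"Location": "https://api.example.test/v1/orders"}, "https_headers": {}},
    {"route": "/v1/docs", "http_status": 302,
     "http_headers": {"location": "/v1/docs/"}, "https_headers": {}},
    {"route": "/v1/admin", "http_status": None, "http_headers": {}, "https_headers": {}},
]

def header(headers, name):
    """Case-insensitive header lookup; returns '' when the header is absent."""
    return next((v for k, v in headers.items() if k.lower() == name), "")

def hsts_max_age(headers):
    """Return the max-age of Strict-Transport-Security, or 0 if absent or invalid."""
    for directive in header(headers, "strict-transport-security").split(";"):
        name, _, arg = directive.strip().partition("=")
        arg = arg.strip().strip('"')
        if name.strip().lower() == "max-age" and arg.isdecimal():
            return int(arg)
    return 0

def classify(obs):
    """Verdict for one route, based on how it answered a plain-HTTP request."""
    status = obs["http_status"]
    if status is None:
        return "pass: plain HTTP not reachable"
    if status in (301, 302, 303, 307, 308):
        # A relative Location has no scheme, so the client stays on http://.
        if urlsplit(header(obs["http_headers"], "location")).scheme.lower() != "https":
            return "fail: redirect stays on HTTP"
        if hsts_max_age(obs["https_headers"]) > 0:
            return "pass: HTTPS redirect with HSTS"
        return "warn: HTTPS redirect without HSTS"
    if 200 <= status < 300:
        return "fail: content served over HTTP"
    return "review: HTTP status %d" % status

def audit(samples):
    """Map each route to its verdict."""
    return {obs["route"]: classify(obs) for obs in samples}
```

A redirect alone still lets the first request travel in cleartext on every visit; HSTS limits that to a client's first contact with the host, and clients that ignore HSTS are only protected when plain HTTP is not served at all.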

Configuration

Example

Example configuration:

---
security_tests:
  ssl:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.