Insecure websocket communication detected.

Rule ID: javascript_lang_websocket_insecure
Languages: javascript
Source: websocket_insecure.yml

Description

Applications should only connect to APIs using SSL connections. This rule checks that all websocket connections use SSL.

Remediations

❌ Avoid using unsecured outgoing websocket communication:

const client = new WebSocket('ws://insecure-api.com')

✅ Always connect using SSL:

const client = new WebSocket('wss://secure-api.com')

Resources

OWASP insecure transport

Associated CWE

CWE-319: Cleartext Transmission of Sensitive Information

OWASP Top 10

A02:2021 - Cryptographic Failures

Ready to take the next step? Join the Bearer Cloud waitlist.