Communication with an insecure FTP server detected.

Rule ID: php_lang_insecure_ftp
Languages: php
Source: insecure_ftp.yml

Description

Communication with FTP servers should be done securely over SFTP in applications that process sensitive data. This rule checks if all FTP connections are made using SFTP.

Remediations

✅ To ensure secure FTP connections are made, use the ftp_ssl_connect function

$ftp = ftp_ssl_connect("ftp.example.com");

Resources

OWASP insecure transport

Associated CWE

CWE-319: Cleartext Transmission of Sensitive Information

OWASP Top 10

A02:2021 - Cryptographic Failures

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=php_lang_insecure_ftp

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=php_lang_insecure_ftp

Ready to take the next step? Learn more about Bearer Cloud.