Usage of insecure FTP connection

Description

Applications that process sensitive data should communicate with FTP servers securely over SFTP. This rule checks that all FTP connections are made using SFTP.

Remediations

✅ To ensure secure FTP connections are made, use the ftp_ssl_connect function:

$ftp = ftp_ssl_connect("ftp.example.com");
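A fuller version of the remediation, added here as an illustration and not taken from the rule's own documentation: it shows the flagged plaintext call beside an ftp_ssl_connect call (which negotiates TLS on the FTP connection) that fails closed instead of falling back to plaintext. The helper name uploadOverTls, the FTP_HOST/FTP_USER/FTP_PASS environment variables and the file paths are assumptions.

```php
<?php
declare(strict_types=1);

// Flagged pattern: plain FTP sends the login and file contents in cleartext.
// $ftp = ftp_connect("ftp.example.com");

// Hypothetical helper (not part of PHP or Bearer): upload one file over TLS.
function uploadOverTls(string $host, string $user, string $pass,
                       string $local, string $remote): void
{
    // ftp_ssl_connect() only exists when PHP has the ftp extension and OpenSSL.
    if (!function_exists('ftp_ssl_connect')) {
        throw new RuntimeException('ftp_ssl_connect() is not available in this PHP build');
    }

    $ftp = ftp_ssl_connect($host, 21, 30); // host, port, timeout in seconds
    if ($ftp === false) {
        // Fail closed: never retry with ftp_connect() when TLS setup fails.
        throw new RuntimeException("Secure connection to {$host} failed");
    }

    try {
        if (!@ftp_login($ftp, $user, $pass)) {
            throw new RuntimeException('FTP login failed');
        }
        if (!ftp_pasv($ftp, true)) {
            throw new RuntimeException('Could not enable passive mode');
        }
        if (!ftp_put($ftp, $remote, $local, FTP_BINARY)) {
            throw new RuntimeException("Upload of {$local} failed");
        }
    } finally {
        ftp_close($ftp); // always release the connection
    }
}

// Runs only when a host is configured, so the file can be loaded safely.
// Credentials come from the environment rather than being hard-coded.
$host = getenv('FTP_HOST');
if (is_string($host) && $host !== '') {
    uploadOverTls(
        $host,
        (string) getenv('FTP_USER'),
        (string) getenv('FTP_PASS'),
        '/tmp/report.csv', // constructed sample path
        'report.csv'
    );
}
```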

Resources

Associated CWE

OWASP Top 10

Configuration

To skip this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --skip-rule=php_lang_insecure_ftp

To run only this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --only-rule=php_lang_insecure_ftp