Usage of insecure websocket connection

Description

Applications should only connect to APIs using SSL connections. This rule checks that all websocket connections use SSL.

Remediations

❌ Avoid using unsecured outgoing websocket communication:

$client = new Client('ws://insecure-api.com')

✅ Always connect using SSL:

$client = new Client('wss://secure-api.com')

Resources

Associated CWE

OWASP Top 10

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=php_lang_websocket_insecure

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=php_lang_websocket_insecure