Connection through an unsecure HTTP communication detected.

Description

Applications should only connect to API using HTTPS connections. This rule checks that all HTTP connections use HTTPS.

Remediations

❌ Avoid using unsecured outgoing HTTP communication, especially in the context of API calls:

response = HTTParty.get('http://insecure-api.com')

✅ Ensure to always connect though HTTPS:

response = HTTParty.get('https://secure-api.com')

Resources

Associated CWE

OWASP Top 10