Communication with an unsecure FTP server detected.

Description

Applications that process sensitive data should transfer files over SFTP rather than plain FTP, which sends credentials and file contents unencrypted. This rule checks that all FTP connections are made using SFTP.
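A minimal sketch of this kind of check, added here as an example and not the rule's actual implementation: it parses Ruby source with the standard-library Ripper and reports the lines that reference the `Net::FTP` constant, ignoring comments and string literals. The helper name `insecure_ftp_lines`, the sample source, and the host and environment variable names are all constructed for illustration.

```ruby
require 'ripper'

# Constructed sample source; host and ENV names are placeholders.
SAMPLE = <<~'RUBY'
  require 'net/ftp'
  require 'net/sftp'
  # Net::FTP.open in a comment must not be reported
  Net::FTP.open('files.example.test') { |ftp| ftp.login(ENV['FTP_USER'], ENV['FTP_PASS']) }
  ftp = Net::FTP.new('files.example.test')
  Net::SFTP.start('files.example.test', ENV['SFTP_USER'], password: ENV['SFTP_PASS']) { |sftp| }
  puts "Net::FTP.new inside a string"
RUBY

# True when the node is the constant Net (written as Net or ::Net).
def net_const?(node)
  node.is_a?(Array) && %i[var_ref top_const_ref].include?(node[0]) &&
    node[1].is_a?(Array) && node[1][0] == :@const && node[1][1] == 'Net'
end

# Returns the sorted line numbers where the constant Net::FTP is referenced.
# (Hypothetical helper name; works on the syntax tree, so comments and
# string contents never match.)
def insecure_ftp_lines(source)
  tree = Ripper.sexp(source)
  raise ArgumentError, 'source does not parse as Ruby' if tree.nil?

  lines = []
  walk = lambda do |node|
    return unless node.is_a?(Array)

    # Net::FTP parses as [:const_path_ref, <Net>, [:@const, "FTP", [line, col]]]
    if node[0] == :const_path_ref && net_const?(node[1]) &&
       node[2].is_a?(Array) && node[2][0] == :@const && node[2][1] == 'FTP'
      lines << node[2][2][0]
    end
    node.each { |child| walk.call(child) }
  end
  walk.call(tree)
  lines.uniq.sort
end

puts "Net::FTP used on lines: #{insecure_ftp_lines(SAMPLE).inspect}" if $PROGRAM_NAME == __FILE__
```

Because only the literal constant path is matched, an alias such as `Client = Net::FTP` is reported at the assignment but not at later uses of `Client`.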

Remediations

✅ To ensure secure FTP connections are made, use the Net::SFTP library instead of Net::FTP:

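require 'net/sftp'

# Open an SFTP session over SSH; the password is read from the environment
Net::SFTP.start('host', 'username', password: ENV['password']) do |sftp|
  # perform file transfers on the sftp session here
end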

Resources

Associated CWE

OWASP Top 10