Route processes payments without HTTPS
이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우
언제든지 연락주시기 바랍니다.Description
This API endpoint was found processing payments over a non encrypted channel.
Using plain HTTP for APIs is a significant security risk because it exposes sensitive data to potential interception, manipulation, and unauthorized access. Services must only provide HTTPS endpoints.
Rationale
This finding works by identifying an API that:
- Is tracking a payment business logic event (tags containing the
payment.
prefix). - Uses an HTTP connection, sending data in the clear over the wire.
- Implement the HTTP Strict Transport Security (HSTS) header to instruct the user’s browser to always request the site over HTTPS.
References