OWASP API8 2023 No Server HTTP

Server interactions must not use http:// as it is inherently insecure and can lead to PII and other sensitive information being leaked through traffic sniffing or man-in-the-middle attacks. Use https:// or wss:// instead.

OWASP, Security, Transport, Servers, OpenAPI

Rule Definition

owasp-api8-2023-no-server-http-error.yaml
owasp-api8-2023-no-server-http-error:
  description: "Server interactions must not use http:// as it is inherently insecure and can lead to PII and other sensitive information being leaked through traffic sniffing or man-in-the-middle attacks. Use https:// or wss:// instead."
  message: "Server URLs must not use http://. Use https:// or wss:// instead."
  given: "$.servers..url"
  severity: error
  then:
    function: pattern
    functionOptions:
      notMatch: "^http:"
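
To see what the rule's `given` selector and `notMatch` pattern do and do not cover, the following added example (not part of the rule's own source, and not the linter's code) re-implements both in plain JavaScript and runs them over a constructed OpenAPI fragment. It assumes the pattern is evaluated as an ordinary case-sensitive regular expression; `selectServerUrls`, `lint`, `sampleDoc` and the example.com hosts are hypothetical names.

```javascript
// Added example: plain-JavaScript emulation of the rule's selector and pattern.
const rule = { given: "$.servers..url", notMatch: "^http:" }; // values from the rule definition

// Emulate the JSONPath "$.servers..url": every property named "url" at any depth
// below the root-level "servers" key, and nowhere else in the document.
function selectServerUrls(doc) {
  const hits = [];
  const walk = (node, path) => {
    if (node === null || typeof node !== "object") return;
    for (const [key, value] of Object.entries(node)) {
      const here = Array.isArray(node) ? `${path}[${key}]` : `${path}.${key}`;
      if (key === "url") hits.push({ path: here, value });
      walk(value, here);
    }
  };
  walk(doc.servers, "$.servers");
  return hits;
}

// Emulate the "pattern" function with notMatch: a string value fails if the regex matches.
function lint(doc) {
  const re = new RegExp(rule.notMatch);
  return selectServerUrls(doc)
    .filter((h) => typeof h.value === "string" && re.test(h.value))
    .map((h) => h.path);
}

// Constructed OpenAPI fragment (all hosts are placeholders).
const sampleDoc = {
  openapi: "3.0.3",
  servers: [
    { url: "http://api.example.com/v1" },  // flagged
    { url: "https://api.example.com/v1" }, // passes
    { url: "wss://stream.example.com" },   // passes
    { url: "HTTP://legacy.example.com" },  // passes: "^http:" is case-sensitive
  ],
  paths: {
    "/reports": {
      servers: [{ url: "http://reports.example.com" }], // outside "$.servers", not selected
      get: { responses: { 200: { description: "ok" } } },
    },
  },
};

console.log(lint(sampleDoc)); // [ '$.servers[0].url' ]
```

Only the first root-level entry is reported: path-level and operation-level `servers` overrides and upper-case schemes need their own review or an additional rule.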
