VBA : HTTP usage

Classification

OWASP Mobile Top 10 2016: M3-Insecure Communication, M2-Insecure Data Storage, M5-Insufficient Cryptography
OWASP Top 10 2017: A3-Sensitive Data Exposure, A6-Security Misconfiguration
OWASP Top 10 2021: A2-Cryptographic Failures, A5-Security Misconfiguration
OWASP MASVS: V5: 5.1.(L1/L2/L1+R/L2+R)
OWASP ASVS: Communication
PCI DSS 4.0: 4.2.1, 6.2.4
HIPAA: §164.312 (e)(1), §164.312 (e)(2)(ii)
CWE: CWE-200, CWE-319, CWE-359, CWE-1032
CWE/SANS Top 25 2021: CWE-200

Overview

Using HTTP rather than HTTPS exposes the connection to man-in-the-middle attacks. This can lead to a complete loss of confidentiality of the transferred data.

HTTPS, which is HTTP carried over SSL/TLS, helps to protect the transferred data against unauthorized access and modification. Use HTTPS for all data transfer between the client and the server, in particular for the login page and all pages that require authentication.
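The flagged pattern next to a corrected one, as an added example that is not part of the original page. It assumes the macro uses the WinHttp.WinHttpRequest.5.1 COM client (the page names no client); the function names and the intranet.example host are hypothetical.

```vba
Option Explicit

' WinHttpRequest option indexes and flag values from the WinHTTP documentation.
Private Const OPT_SSL_ERROR_IGNORE_FLAGS As Long = 4
Private Const OPT_SECURE_PROTOCOLS As Long = 9
Private Const OPT_HTTPS_TO_HTTP_REDIRECTS As Long = 12
Private Const TLS_1_2 As Long = &H800

' Flagged pattern: the login form is posted over http://, so the
' credentials and the response cross the network in cleartext.
Public Function LoginInsecure(ByVal body As String) As String
    Dim req As Object
    Set req = CreateObject("WinHttp.WinHttpRequest.5.1")
    req.Open "POST", "http://intranet.example/login", False   ' constructed host
    req.SetRequestHeader "Content-Type", "application/x-www-form-urlencoded"
    req.Send body
    LoginInsecure = req.ResponseText
End Function

' Corrected pattern: refuse any URL that is not https://, keep certificate
' validation on, and do not follow a redirect that downgrades to http://.
Public Function PostOverHttps(ByVal url As String, ByVal body As String) As String
    Dim target As String
    target = Trim$(url)
    If LCase$(Left$(target, 8)) <> "https://" Then
        Err.Raise vbObjectError + 513, "PostOverHttps", _
                  "Refusing to send data to a non-HTTPS URL: " & target
    End If

    Dim req As Object
    Set req = CreateObject("WinHttp.WinHttpRequest.5.1")
    req.Open "POST", target, False
    req.Option(OPT_SECURE_PROTOCOLS) = TLS_1_2        ' no SSL 3.0 / TLS 1.0 fallback
    req.Option(OPT_SSL_ERROR_IGNORE_FLAGS) = 0        ' certificate errors stay fatal
    req.Option(OPT_HTTPS_TO_HTTP_REDIRECTS) = False   ' no downgrade via redirect
    req.SetRequestHeader "Content-Type", "application/x-www-form-urlencoded"
    req.Send body
    PostOverHttps = req.ResponseText
End Function
```

Setting the ignore-flags option to 0 matters as much as the scheme check: a macro that uses https:// but suppresses certificate errors is still open to interception.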
