GETParamOverSSL
Created by: armorcodegithubpreprod[bot]
Threat Class :Information Leakage Reason :AppScan found parameters in the query part of the HTTP request, which was sent over SSL. Technical Description :During the application test, it was detected that a request, which was sent over SSL, contained parameters that were transmitted in the Query part of an HTTP request. When sending requests, the browser's history can be used to reveal the URLs, which contain the query parameter names and values. Due to the sensitivity of encrypted requests, it is suggested to use HTTP POST (without parameters in the URL string) when possible, in order to avoid the disclosure of URLs and parameter values to others. Risk :It may be possible to steal sensitive data such as credit card numbers, social security numbers etc. that are sent unencrypted
Mitigation: Make sure that sensitive information such as: is always sent in the body part of an HTTP POST request.