/alerttags/wstg-v42-cryp-03/ Recent content in WSTG-V42-CRYP-03 on ZAP Hugo en-us /docs/alerts/10106/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10106/ <p>The site is only served under HTTP and not HTTPS.</p> /docs/alerts/10041/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10041/ <p>This check looks for insecure HTTP pages that host HTTPS forms. The issue is that an insecure HTTP page can easily be hijacked through MITM and the secure HTTPS form can be replaced or spoofed.</p> /docs/alerts/10047/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10047/ <p>Content which was initially accessed via HTTPS (i.e.: using SSL/TLS encryption) is also accessible via HTTP (without encryption).</p> /docs/alerts/10042/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10042/ <p>This check identifies secure HTTPS pages that host insecure HTTP forms. The issue is that a secure page is transitioning to an insecure page when data is uploaded through a form. The user may think they&rsquo;re submitting data to a secure page when in fact they are not.</p> /docs/alerts/10040/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10040/ <p>The page includes mixed content, that is content accessed via HTTP instead of HTTPS.</p>