colleend.insecure-transport-javastdlib

Community Favorite

r2c

Author

108

Download Count*

LGPL Commons Clause

License

Rule pack for detecting insecure transport in java stdlib.

Run Locally

Rules (11)

problem-based-packs.insecure-transport.java-stdlib.bypass-tls-verification.bypass-tls-verification

returntocorp

java

Checks for redefinitions of the checkServerTrusted function in the X509TrustManager class that disables TLS/SSL certificate verification. This should only be used for debugging purposes because it leads to vulnerability to MTM attacks.

problem-based-packs.insecure-transport.java-stdlib.disallow-old-tls-versions1.disallow-old-tls-versions1

returntocorp

java

Detects direct creations of SSLConnectionSocketFactories that don't disallow SSL v2, SSL v3, and TLS v1. SSLSocketFactory can be used to validate the identity of the HTTPS server against a list of trusted certificates. These protocols are deprecated due to POODLE, man in the middle attacks, and other vulnerabilities.

problem-based-packs.insecure-transport.java-stdlib.disallow-old-tls-versions2.disallow-old-tls-versions2

returntocorp

java

Detects setting client protocols to insecure versions of TLS and SSL. These protocols are deprecated due to POODLE, man in the middle attacks, and other vulnerabilities.

problem-based-packs.insecure-transport.java-stdlib.ftp-request.ftp-request

returntocorp

java

Checks for outgoing connections to ftp servers. FTP does not encrypt traffic, possibly leading to PII being sent plaintext over the network.

problem-based-packs.insecure-transport.java-stdlib.http-components-request.http-components-request

returntocorp

java

Checks for requests sent via Apache HTTP Components to http:// URLS. This is dangerous because the server is attempting to connect to a website that does not encrypt traffic with TLS. Instead, send requests only to https:// URLS.

problem-based-packs.insecure-transport.java-stdlib.httpclient-http-request.httpclient-http-request

returntocorp

java

Checks for requests sent via HttpClient to http:// URLS. This is dangerous because the server is attempting to connect to a website that does not encrypt traffic with TLS. Instead, send requests only to https:// URLS.

problem-based-packs.insecure-transport.java-stdlib.telnet-request.telnet-request

returntocorp

java

Checks for attempts to connect through telnet. This is insecure as the telnet protocol supports no encryption, and data passes through unencrypted.

problem-based-packs.insecure-transport.java-stdlib.tls-renegotiation.tls-renegotiation

returntocorp

java

Checks for cases where java applications are allowing unsafe renegotiation. This leaves the application vulnerable to a man-in-the-middle attack where chosen plain text is injected as prefix to a TLS connection.

problem-based-packs.insecure-transport.java-stdlib.unirest-http-request.unirest-http-request

returntocorp

java

Checks for requests sent via Unirest to http:// URLS. This is dangerous because the server is attempting to connect to a website that does not encrypt traffic with TLS. Instead, send requests only to https:// URLS.

problem-based-packs.insecure-transport.java-stdlib.httpurlconnection-http-request.httpurlconnection-http-request

returntocorp

java

Detected an HTTP request sent via HttpURLConnection. This could lead to sensitive information being sent over an insecure channel. Instead, it is recommended to send requests over HTTPS.

problem-based-packs.insecure-transport.java-stdlib.socket-request.socket-request

returntocorp

java

Insecure transport rules to catch socket connections to http, telnet, and ftp servers. This is dangerous because these are protocols that do not encrypt traffic.