OWASP API Security Top 10 2019 Checklist
broken-user-authentication-use-tls
Guidance
The login page and all subsequent authenticated pages must be accessed exclusively over TLS or another strong transport. Failure to use TLS or another strong transport for authenticated pages after login enables an attacker to view the unencrypted session ID and compromise the user's authenticated session.
Message
Base Uri {{core.urlTemplate}} should be https
Examples
valid
#%RAML 1.0
title: test title
version: "1.0"
baseUri: https://domain.com
invalid
#%RAML 1.0
title: test title
version: "1.0"
baseUri: http://domain.com
Applies to Server
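A minimal checker for this rule, as an added example that is not the ruleset's own implementation: it scans a RAML 1.0 document's top-level `baseUri`, and goes one step beyond the rule by also flagging a `protocols` node that lists HTTP, since in RAML 1.0 an explicit `protocols` node overrides the scheme given in `baseUri`. The function names and the `OVERRIDE` sample are constructed for illustration.

```python
import re

# Samples: VALID and INVALID are the page's examples; OVERRIDE is constructed.
HEADER = '#%RAML 1.0\ntitle: test title\nversion: "1.0"\n'
VALID = HEADER + "baseUri: https://domain.com\n"
INVALID = HEADER + "baseUri: http://domain.com\n"
OVERRIDE = VALID + "protocols: [HTTP, HTTPS]\n"

def _top_level(raml: str, key: str):
    """Raw text of a top-level key plus its indented continuation lines.
    Line-based scan (assumption: key starts at column 0), not a YAML parser."""
    m = re.search(rf"^{key}:[ \t]*(.*(?:\n[ \t]+.*)*)", raml, re.MULTILINE)
    return m.group(1) if m else None

def check_transport(raml: str) -> list[str]:
    """Return findings; an empty list means the declared transport is HTTPS only."""
    findings = []
    base = _top_level(raml, "baseUri")
    if base is None:
        findings.append("baseUri is missing, transport cannot be verified")
    else:
        # baseUri is either a scalar or a map carrying the URI under `value:`.
        v = re.search(r"^[ \t]*value:[ \t]*(.+)$", base, re.MULTILINE)
        uri = (v.group(1) if v else base.split("\n", 1)[0]).strip().strip("'\"")
        # Scheme comparison is case-insensitive; templated schemes are flagged too.
        if not uri.lower().startswith("https://"):
            findings.append(f"Base Uri {uri} should be https")
    protos = _top_level(raml, "protocols")
    if protos is not None:
        # Handles both the flow form [HTTP, HTTPS] and a block list of "- HTTP".
        declared = {p.upper() for p in re.findall(r"[A-Za-z]+", protos)}
        if "HTTP" in declared:
            findings.append("protocols lists HTTP, overriding the baseUri scheme")
    return findings

if __name__ == "__main__":
    for name, doc in [("valid", VALID), ("invalid", INVALID), ("override", OVERRIDE)]:
        print(name, check_transport(doc) or "ok")
```
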