CodeAnt AI home pagelight logodark logo
  • Dashboard
  • Dashboard

ATS arbitrary loads

ATS-arbitrary-loads

The application’s App Transport Security (ATS) configuration allows for insecure HTTP connections. The NSAllowsArbitraryLoads and NSTemporaryExceptionAllowsInsecureHTTPLoads property keys can be used to allow HTTP for all domains or a particular domain respectively. HTTPs should be used in all cases, to ensure secure communications - protecting data in transport.
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- C
- W
- E
- -
- 3
- 1
- 9
- :
-

- C
- l
- e
- a
- r
- t
- e
- x
- t
-

- T
- r
- a
- n
- s
- m
- i
- s
- s
- i
- o
- n
-

- o
- f
-

- S
- e
- n
- s
- i
- t
- i
- v
- e
-

- I
- n
- f
- o
- r
- m
- a
- t
- i
- o
- n
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures

Assistant
Responses are generated using AI and may contain mistakes.
twitterlinkedin
Powered by Mintlify
  • Documentation
  • Demo Call with CEO
  • Blog
  • Slack
  • Get Started
    • CodeAnt AI
    • Setup
    • Control Center
    • Pull Request Review
    • IDE
    • Compliance
    • Anti-Patterns
    • Code Governance
    • Infrastructure Security Database
    • Application Security Database

    ATS arbitrary loads

    ATS-arbitrary-loads

    The application’s App Transport Security (ATS) configuration allows for insecure HTTP connections. The NSAllowsArbitraryLoads and NSTemporaryExceptionAllowsInsecureHTTPLoads property keys can be used to allow HTTP for all domains or a particular domain respectively. HTTPs should be used in all cases, to ensure secure communications - protecting data in transport.
    Likelihood: MEDIUM
    Confidence: HIGH
    CWE:
    - C
    - W
    - E
    - -
    - 3
    - 1
    - 9
    - :
    -

    - C
    - l
    - e
    - a
    - r
    - t
    - e
    - x
    - t
    -

    - T
    - r
    - a
    - n
    - s
    - m
    - i
    - s
    - s
    - i
    - o
    - n
    -

    - o
    - f
    -

    - S
    - e
    - n
    - s
    - i
    - t
    - i
    - v
    - e
    -

    - I
    - n
    - f
    - o
    - r
    - m
    - a
    - t
    - i
    - o
    - n
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures

    Assistant
    Responses are generated using AI and may contain mistakes.
    twitterlinkedin
    Powered by Mintlify