AppScan reported this error: Encryption Not Enforced
manipulated from: https to: http
manipulated from: 443 to: 80
Header manipulated from: q2web.mercerhrs.com to: q2web.mercerhrs.com:80
Reasoning: The test response is very similar to the original response. This indicates that the the resource was successfully accessed using HTTP instead of HTTPS.
Test Requests and Responses:
GET /Site/Page.asp?RID=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30;.NET4.0C; .NET4.0E)
But we have removed http and port 80 at the F5 level, and users can't browse the site using http://. I don't see any response in the report related to http:// either.
We are using "AppScan Standard 18.104.22.168, Rules: 1524"
Is it an AppScan bug?
NicChop
Re: Encryption Not Enforced
2013-02-26T16:35:06Z
This is the accepted answer.
Hello,
To really dig into this we'd need to look at the test traffic. Best thing to do would be to log a PMR with us.
This technote tells you what we'd need:
And here's where to log a PMR:
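A way to triage this finding by hand, as an added example that is not part of the thread and not AppScan's own logic: replay the request over plain HTTP and classify what comes back, following the "test response is very similar to the original response" reasoning quoted in the report. The similarity threshold, the function name and all sample responses are assumptions constructed for illustration.

```python
# Added example: triage logic for an "Encryption Not Enforced" finding.
# Names, threshold and sample responses are constructed for illustration.
from difflib import SequenceMatcher
from urllib.parse import urlsplit

SIMILARITY_THRESHOLD = 0.9  # assumption; the scanner's real threshold is not given on this page


def classify(https_body, http_result):
    """Classify the plain-HTTP replay of a request first made over HTTPS.

    http_result is None when the TCP connection to port 80 failed, otherwise
    a (status, headers, body) tuple for the response received over HTTP.
    """
    if http_result is None:
        return "enforced: port 80 not reachable"
    status, headers, body = http_result
    location = {k.lower(): v for k, v in headers.items()}.get("location", "")
    if status in (301, 302, 303, 307, 308):
        # A redirect is only safe when it moves the client onto https.
        if urlsplit(location).scheme == "https":
            return "enforced: redirected to https"
        return "review: redirect does not point to https"
    ratio = SequenceMatcher(None, https_body, body).ratio()
    if status == 200 and ratio >= SIMILARITY_THRESHOLD:
        return "not enforced: same content served over http"
    return "review: http answered with different content"


# Constructed sample data: one HTTPS baseline and four possible HTTP outcomes.
ORIGINAL = "<html><title>Page 1</title><body>Account summary for RID=1</body></html>"
SAMPLES = {
    "listener removed": None,
    "redirect": (302, {"Location": "https://site.example/Site/Page.asp?RID=1"}, ""),
    "same page": (200, {}, ORIGINAL.replace("Page 1", "Page 1 ")),
    "error page": (403, {}, "<html><body>Forbidden</body></html>"),
}

if __name__ == "__main__":
    for name, result in SAMPLES.items():
        print(f"{name:17} -> {classify(ORIGINAL, result)}")
```

Only the "same page" outcome matches what the report describes; a refused connection or a redirect to https on port 80 means the load balancer is enforcing encryption and the finding needs the test traffic to explain it.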