AppScan reported this error: Encryption Not Enforced
manipulated from: https to: http
manipulated from: 443 to: 80
Header manipulated from: q2web.mercerhrs.com to: q2web.mercerhrs.com:80
Reasoning: The test response is very similar to the original response. This indicates that the resource was successfully accessed using HTTP instead of HTTPS.
Test Requests and Responses:
GET /Site/Page.asp?RID=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30;.NET4.0C; .NET4.0E)
But we have removed http and port 80 at F5 level, and user can't browse the site using http://. I don't see any response as well in the report related to http://.
We are using "AppScan Standard 220.127.116.11, Rules: 1524"
Is it an AppScan bug?
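One way to triage this finding by hand, as an added example that is not part of the original thread and is not AppScan's own logic: replay the request over http:// and classify what comes back against the HTTPS original. The `Response` type, the function names and the 0.9 similarity threshold are assumptions, and the sample responses are constructed.

```python
from dataclasses import dataclass, field
from difflib import SequenceMatcher
from typing import Optional

# Assumed cut-off for "very similar"; AppScan's real threshold is not given in the thread.
SIMILARITY_THRESHOLD = 0.9

@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""

def classify_http_probe(https_original: Response, http_probe: Optional[Response]) -> str:
    """Triage the plain-HTTP replay of a request first sent over HTTPS.

    http_probe is None when the connection to port 80 was refused or timed out.
    """
    if http_probe is None:
        return "enforced: port 80 not reachable"
    headers = {k.lower(): v for k, v in http_probe.headers.items()}
    if http_probe.status in (301, 302, 303, 307, 308):
        if headers.get("location", "").lower().startswith("https://"):
            return "enforced: redirected to HTTPS"
        return "inconclusive: redirect stays on HTTP"
    if http_probe.status >= 400:
        return "enforced: request rejected over HTTP"
    ratio = SequenceMatcher(None, https_original.body, http_probe.body).ratio()
    if ratio >= SIMILARITY_THRESHOLD:
        return "not enforced: same content served over HTTP"
    return "inconclusive: HTTP answered with different content"

# Constructed sample responses (not taken from the AppScan report in the thread).
ORIGINAL = Response(200, {"Content-Type": "text/html"},
                    "<html><body>Page RID=1: account summary</body></html>")
SAMPLES = {
    "blocked at load balancer": None,
    "redirect": Response(302, {"Location": "https://site.example/Site/Page.asp?RID=1"}),
    "served in clear": Response(200, {"Content-Type": "text/html"}, ORIGINAL.body),
    "maintenance page": Response(200, {}, "<html><body>Down for maintenance</body></html>"),
}

def triage_all() -> dict:
    return {name: classify_http_probe(ORIGINAL, r) for name, r in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in triage_all().items():
        print(f"{name:28} {verdict}")
```

A "not enforced" verdict only means something when the replay is sent from the same network position as the scan.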
This topic has been locked.
1 reply Latest Post - 2013-02-26T16:35:06Z by NicChop
Pinned topic Encryption Not Enforced
NicChop 2700019UWR 5 Posts ACCEPTED ANSWER
Re: Encryption Not Enforced 2013-02-26T16:35:06Z in response to SystemAdmin
Hello,
To really dig into this we'd need to look at the test traffic. Best thing to do would be to log a PMR with us.
This technote tells you what we'd need:
And here's where to log a PMR: