A vulnerability: Insecure Transport - Disabled App Transport Security (Critical) was found.
Scanner: FORTIFY
Description: App Transport Security (ATS) enforces best practices for secure network connections such as TLS 1.2 and forward secrecy and will be updated in the future to reflect Apple's network best practices.
App Transport Security (ATS) is enabled by default when using NSURLSession, NSURLConnection, or CFURL in iOS 9 or OS X El Capitan, which requires the application to use HTTPS with TLS 1.2 for all network communication with the back end server.
The application is configured to partially or entirely opt out of App Transport Security (ATS), which leaves the application at risk of man-in-the-middle attacks and other network-based attacks.
Example 1: The following entries in the application Info.plist will entirely disable App Transport Security:
<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>
Example 2: The following entries in the application Info.plist will disable App Transport Security for yourserver.com:
Recommendation: Do not disable App Transport Security (ATS). If your back end server requires an insecure connection, contact the server administrator to request better security.
Asset Information:
Asset name: nano-ios-app
Scan was run on: 2017-03-02 07:49:51
Nucleus Notification Rules Triggered: test2
Please see Nucleus for more information on these vulnerabilities.