rspec/rules/S6249/description.adoc

By default, S3 buckets can be accessed through HTTP and HTTPs protocols. 

As HTTP is a clear-text protocol, it lack  the encryption of transported data, as well as the capability to build an authenticated connection. It means that a malicious actor who is able to intersept traffic from the network can read, modify or corrupt the transported content.
Fixed nightly update: mark the closed rules 2021-05-21 17:48:13 +02:00			`By default, S3 buckets can be accessed through HTTP and HTTPs protocols.`

Create rule S6249: Authorizing HTTP communications with S3 buckets is security-sensitive (APPSEC-40) (#1095) 2022-08-08 10:49:02 +02:00			`As HTTP is a clear-text protocol, it lack the encryption of transported data, as well as the capability to build an authenticated connection. It means that a malicious actor who is able to intersept traffic from the network can read, modify or corrupt the transported content.`