This flaw occurs when the web application handles confidential information in clear text, either at rest (for example, a database connection string password in clear text) or in transit (for example, HTTP instead of HTTPS). In practice, you need to look for the following issues:
- Missing security headers (I will show you the security headers in upcoming chapters when we talk about secure coding practices)
- Any weak cryptographic algorithms used at rest or in transit (for example, MD5)
- Any clear text protocols used to transmit data (for example, HTTP, FTP, Telnet, or SMTP)
- Any issues with the TLS/SSL certificate
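
A static check for three of the items above (clear text passwords in connection strings, clear text protocols, and MD5), run over a constructed configuration file. This is an added example, not code from the original text; the key names, hosts and the `${VAR}` placeholder convention for runtime-injected secrets are assumptions.

```python
import re

# Schemes the text lists as clear text protocols.
CLEARTEXT_SCHEMES = ("http", "ftp", "telnet", "smtp")
SCHEME_RE = re.compile(r"\b(%s)://" % "|".join(CLEARTEXT_SCHEMES), re.I)
# Inline password in a connection string, e.g. "Password=...;" or "pwd=...".
PASSWORD_RE = re.compile(r"\b(password|pwd)\s*=\s*([^;\s\"']+)", re.I)
# MD5 named as an algorithm (the text's example of a weak algorithm).
MD5_RE = re.compile(r"\bmd5\b", re.I)

def audit_config(text):
    """Return (line_number, issue) findings, in line order, for a config file's text."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # skip blank lines and comments
        m = SCHEME_RE.search(stripped)
        if m:
            findings.append((n, "cleartext-protocol:" + m.group(1).lower()))
        m = PASSWORD_RE.search(stripped)
        # Assumption: a ${VAR} value is injected at runtime, so no secret is stored here.
        if m and not m.group(2).startswith("${"):
            findings.append((n, "cleartext-password"))
        if MD5_RE.search(stripped):
            findings.append((n, "weak-algorithm:md5"))
    return findings

# Constructed sample configuration (hypothetical keys and hosts, not from the text).
SAMPLE = """\
# app settings
db.connection = Server=db.internal.example;Database=shop;User Id=app;Password=Sup3rS3cret;
db.replica = Server=db2.internal.example;Database=shop;User Id=app;Password=${DB_REPLICA_PW};
api.base_url = http://api.internal.example/v1
cdn.base_url = https://cdn.example/assets
backup.target = ftp://backup.internal.example/nightly
password.hash = MD5
"""

if __name__ == "__main__":
    for line_no, issue in audit_config(SAMPLE):
        print(f"line {line_no}: {issue}")
```

TLS/SSL certificate problems and missing response headers cannot be seen in a configuration file; they need a check against the running service.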