Identify forms that are transmitting sensitive data and monitor changes and destination sites.
The Forms section provides an easy way to monitor all forms that your site is using and where that information is going.
- Ensure that forms are transmitting sensitive data over a secure connection. We identify forms that are transmitting data like passwords, credit card numbers, and email addresses and verify that they're using HTTPS.
- Verify that action (destination) URLs are consistent and trustworthy. Keep track of 3rd party sites where form data is being sent.
We scrape all form tags found on the target along with their destination (action) links, the protocol they are using (HTTP/HTTPS), and method (GET/POST).
Risk is assigned by verifying that forms are being submitted encrypted via HTTPS instead of a plaintext HTTP connection.
- High (● Red):
- The page is not using HTTPS and password is detected as the form field.
- The page is not using HTTPS and credit card info is detected as the form field.
- The form uses the HTTP GET method and has password as the form field.
- The form uses the HTTP GET method and has credit card info as the form field.
- Medium (● Yellow): The page is not using HTTPS and email address is detected as the form field.
- Low (● Green): No significant risks are associated with the form.
We recommend fixing both High and Medium risk issues.
Forms can be monitored for changes by toggling their monitor status on the List page. If a change is detected it will trigger a
website-form-monitor-changeevent so you can be immediately notified.
Learn more about events at: