© 2024 Halo Security

Forms

Identify forms that are transmitting sensitive data and monitor changes and destination sites.

The Forms section provides an easy way to monitor all forms that your site is using and where that information is going.

Use Cases

  • Ensure that forms are transmitting sensitive data over a secure connection. We identify forms that are transmitting data like passwords, credit card numbers, and email addresses and verify that they're using HTTPS.

  • Verify that action (destination) URLs are consistent and trustworthy. Keep track of third-party sites where form data is being sent.

Detection

We scrape all forms found on the target along with their destination, protocol (HTTP/HTTPS), and method (GET/POST).

Risk

Risk is assigned by checking whether forms are submitted over encrypted HTTPS rather than a plaintext HTTP connection, and whether password or credit card fields are sent with the HTTP GET method.

  • High (● Red):

    • The page is not using HTTPS and has a password field.

    • The page is not using HTTPS and has a credit card field.

    • The form uses the HTTP GET method and has a password field.

    • The form uses the HTTP GET method and has a credit card field.

  • Medium (● Yellow): The page is not using HTTPS and has an email address field.

  • Low (● Green): No significant risks are associated with the form.
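
The Detection and Risk rules above, written out as an added Python example (not Halo Security's code): it collects each form's action URL, method and sensitive field types with the standard library, then applies the High/Medium/Low rules as listed. The field-type heuristics (`CARD_HINTS`, matching on `name` and `autocomplete`), the function names and the sample HTML are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: how a credit card field is recognised is this sketch's own heuristic.
CARD_HINTS = ("cc-number", "cardnumber", "card_number", "creditcard")
# Constructed sample page (not from the original documentation).
SAMPLE = ('<form action="/login" method="get"><input type="password" name="pw"></form>'
          '<form action="/subscribe" method="post"><input type="email" name="email"></form>')

class FormCollector(HTMLParser):
    """Collect each form's action URL, method and detected sensitive field types."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms, self._cur = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # A missing action submits to the page itself; a missing method means GET.
            self._cur = {"action": urljoin(self.page_url, a.get("action", "")),
                         "method": (a.get("method") or "GET").upper(), "fields": set()}
            self.forms.append(self._cur)
        elif tag == "input" and self._cur is not None:
            kind = a.get("type", "text").lower()
            hint = (a.get("name", "") + " " + a.get("autocomplete", "")).lower()
            if kind == "password":
                self._cur["fields"].add("password")
            elif kind == "email" or "email" in hint:
                self._cur["fields"].add("email")
            elif any(h in hint for h in CARD_HINTS):
                self._cur["fields"].add("credit_card")

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None

def rate(page_url, form):
    """Apply the High/Medium/Low rules from the Risk list above."""
    insecure_page = urlparse(page_url).scheme != "https"
    secret = form["fields"] & {"password", "credit_card"}
    if secret and (insecure_page or form["method"] == "GET"):
        return "High"
    if insecure_page and "email" in form["fields"]:
        return "Medium"
    return "Low"

def audit(page_url, html):
    """Return (action URL, method, risk) for every form found in the page."""
    collector = FormCollector(page_url)
    collector.feed(html)
    return [(f["action"], f["method"], rate(page_url, f)) for f in collector.forms]
```

The action URL is returned alongside the rating so that a destination on another host or scheme stands out when reviewing the results.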

We recommend fixing both High and Medium risk issues.

Forms rated High or Medium risk will create issues.

Monitoring

Forms can be monitored for changes by toggling their monitor status on the List page. If a change is detected, it will trigger a website-form-monitor-change event so you can be immediately notified.

Learn more about events at: Events

Pages

  • Overview: See risk ratings, protocols, methods, and field types (credit card/password/email) detected.

  • Summary: View of field types by target.

  • List: List of every form detected, along with field types, method, host, and action URL. Toggle monitor status of forms.

  • Changes: View changes in forms and their fields between the current and previous scans.

Last updated 3 months ago