Project Date
Cucumber Audit 15 Sep 2023, 07:09

Tag Report

Steps Scenarios Features
Tag Passed Failed Skipped Pending Undefined Total Passed Failed Total Duration Status
@Tampering 1 1 0 0 0 2 0 1 1 0.001 Failed
Feature: Authentication Page Threats
Tags: @Tampering
0.001
Scenario User Deception with Modified Responses
If the communication is unencrypted, there is a risk that an attacker could use a Man-in-The-Middle attack to modify responses. They may use a modified page to make user think they authorize a different application.
Before io.github.multicatch.cucumber.audit.NavigationStepDefs.<init>(NavigationStepDefs.kt:14) 0.000
Steps
When I connect to "http://localhost.:8000/accounts/login" 0.000
Then the connection should be secure 0.000
java.lang.AssertionError: 
java.lang.AssertionError: 
Expecting actual:
  sun.net.www.protocol.http.HttpURLConnection:http://localhost.:8000/accounts/login
to be an instance of:
  javax.net.ssl.HttpsURLConnection
but was instance of:
  sun.net.www.protocol.http.HttpURLConnection
	at io.github.multicatch.cucumber.audit.ProtocolInspectionStepDefs._init_$lambda$2(ProtocolInspectionStepDefs.kt:22)
	at ✽.the connection should be secure(classpath:io/github/multicatch/cucumber/audit/Authentication_Page.feature:79)