Cookie Slack Detector

Type: Active Scan

Risk: Informational

Description

The rule issues a series of GET requests, each omitting one of the cookies from the original request. After every such probe it re-sends the normal request with the full cookie set so that the server-side session stays stable, then compares the probe response with the baseline GET response. A cookie whose removal leaves the response unchanged is "slack": this can reveal areas where cookie-based authentication or attributes are not actually enforced.
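
The procedure above, as an added example that is not ZAP's own implementation: a minimal cookie-slack probe run against a constructed in-process target so it works offline. `SimulatedTarget`, `detect_cookie_slack`, the cookie names and values are all assumptions for this demonstration, not anything from the scan rule.

```python
# Added example, not ZAP code: drop one cookie per request, compare with the
# baseline, then re-send the full cookie set to re-stabilise the session.
from typing import Callable, Dict, List, Tuple

Cookies = Dict[str, str]
Response = Tuple[int, str]          # (HTTP status, response body)


class SimulatedTarget:
    """Constructed stand-in for a web application (assumption for the demo).

    It enforces 'session' (redirects to login without it) and 'role'
    (admin panel only rendered for role=admin), and silently ignores
    'theme' and 'tracking'. Every request is recorded so the probe/stabilise
    pattern can be inspected afterwards.
    """

    def __init__(self) -> None:
        self.calls: List[Cookies] = []

    def get(self, cookies: Cookies) -> Response:
        self.calls.append(dict(cookies))
        if cookies.get("session") != "s3cr3t":
            return 302, "Location: /login"
        body = "<h1>Dashboard</h1>"
        if cookies.get("role") == "admin":
            body += "<a href='/admin'>Admin panel</a>"
        return 200, body


def same_response(a: Response, b: Response) -> bool:
    """Comparator for the baseline check. Exact equality is the simplest
    choice; real sites need dynamic content (CSRF tokens, timestamps,
    request ids) normalised away before this comparison is reliable."""
    return a == b


def detect_cookie_slack(send: Callable[[Cookies], Response],
                        cookies: Cookies) -> Dict[str, str]:
    """Return {cookie_name: 'slack' | 'enforced'} for every cookie.

    1. baseline GET with all cookies
    2. for each cookie: GET without it, compare against the baseline
    3. GET again with all cookies so the server-side session stays stable
    """
    baseline = send(dict(cookies))
    verdicts: Dict[str, str] = {}
    for name in cookies:
        reduced = {k: v for k, v in cookies.items() if k != name}
        probe = send(reduced)
        verdicts[name] = "slack" if same_response(probe, baseline) else "enforced"
        send(dict(cookies))   # stabilise: restore the full cookie set
    return verdicts


if __name__ == "__main__":
    target = SimulatedTarget()
    jar = {"session": "s3cr3t", "role": "admin", "theme": "dark", "tracking": "x1"}
    for cookie, verdict in detect_cookie_slack(target.get, jar).items():
        print(f"{cookie}: {verdict}")
```

Against the constructed target, `session` and `role` come back as enforced (dropping either changes the response) while `theme` and `tracking` are reported as slack. On a real application the `session` cookie will almost always be enforced; the interesting output is any cookie that looks like it should carry authorisation state but changes nothing when removed.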

Solution

Review each cookie that could be dropped without changing the response. If it is meant to carry authentication or authorization state, enforce it server-side on every request that depends on it; if it serves no purpose, consider removing it.

References

CWE: 200

WASC: 45

Code

Last updated: 2020-04-30 16:12:39.623Z