Details
Alert Id 90027
Alert Type Active Scan Rule
Status beta
Risk Informational
CWE 200
WASC 45

Summary

Repeated GET requests: drop a different cookie each time, followed by normal request with all cookies to stabilize session, compare responses against original baseline GET. This can reveal areas where cookie based authentication/attributes are not actually enforced.

Solution

References

Code

org/zaproxy/zap/extension/ascanrulesBeta/SlackerCookieScanRule.java