| Details | |
|---|---|
| Alert ID | 90027 |
| Alert Type | Active |
| Status | beta |
| Risk | Informational |
| CWE | 205 |
| WASC | 45 |
| Technologies Targeted | All |
| Tags |
OWASP_2017_A06 OWASP_2021_A05 WSTG-V42-SESS-02 |
| More Info |
Scan Rule Help |
Summary
Repeated GET requests: drop a different cookie each time, followed by normal request with all cookies to stabilize session, compare responses against original baseline GET. This can reveal areas where cookie based authentication/attributes are not actually enforced.