Details
Alert Id 90027
Alert Type Active
Status beta
Risk Informational
CWE 200
WASC 45
Tags OWASP_2017_A06
OWASP_2021_A05
WSTG-V42-SESS-02

Summary

Repeated GET requests: drop a different cookie each time, followed by normal request with all cookies to stabilize session, compare responses against original baseline GET. This can reveal areas where cookie based authentication/attributes are not actually enforced.

Solution

References

Code

org/zaproxy/zap/extension/ascanrulesBeta/SlackerCookieScanRule.java