Insecure Browser Cache


Description

The application returns sensitive data in responses that the browser is permitted to cache. HTTP/1.1 caching is specified in RFC 7234 (since superseded by RFC 9111) and is controlled chiefly through the Cache-Control response header, with the Pragma and Expires headers serving only as legacy fallbacks for older caches. Caching improves performance by avoiding repeated downloads of the same resource, but it also means copies of sensitive pages and API responses persist on the local machine after the user has logged out. Anyone with access to the browser session or the user's profile directory can recover that data through the back button or the back/forward cache, or by reading the cache files stored on disk; on a shared or public computer this is a realistic attack path.
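As an added example (not part of the AppSec Findings Database entry), the following Python evaluates a set of response headers for the one directive that actually stops a browser from storing the body, Cache-Control: no-store. The directives private, no-cache, max-age=0 and must-revalidate only constrain shared caches or freshness, so a response carrying any of them without no-store is still written to disk. The function names assess_cache_headers and parse_cache_control, and the WEAK and HARDENED header sets, are constructed here for illustration.

```python
"""Check whether a response's caching headers let the browser persist
sensitive content.  Added example; header sets below are constructed,
not captured from a real application."""

from typing import Dict, List, Optional, Tuple


def parse_cache_control(value: str) -> Dict[str, Optional[str]]:
    """Split a Cache-Control value into lower-cased directives.

    'max-age=0, private' -> {'max-age': '0', 'private': None}
    """
    directives: Dict[str, Optional[str]] = {}
    for token in value.split(","):
        token = token.strip()
        if not token:
            continue
        name, _, arg = token.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def assess_cache_headers(headers: Dict[str, str]) -> Tuple[bool, List[str]]:
    """Return (cacheable, findings) for a response assumed to hold sensitive data.

    `headers` maps response header name -> value (any letter case).  Only
    Cache-Control: no-store is treated as preventing browser storage; in most
    browsers it also keeps the page out of the back/forward cache, which is
    what closes the back-button exposure.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    findings: List[str] = []
    cc = parse_cache_control(lower.get("cache-control", ""))

    if "no-store" in cc:
        return False, []

    if not cc:
        findings.append("Cache-Control header missing; browser applies heuristic caching")
    else:
        # Each of these is commonly mistaken for a storage ban but is not one.
        for directive in ("private", "no-cache", "max-age", "must-revalidate"):
            if directive in cc:
                findings.append(
                    f"Cache-Control: {directive} does not prevent storage; add no-store"
                )

    # Pragma/Expires are HTTP/1.0-era hints and are ignored by HTTP/1.1 caches
    # whenever Cache-Control is present, so they never substitute for no-store.
    if lower.get("pragma", "").lower() == "no-cache" or lower.get("expires") in ("0", "-1"):
        findings.append("Pragma/Expires present but no-store absent; legacy headers are not sufficient")

    return True, findings


# Constructed header sets: a typical weak configuration seen on account pages,
# and a hardened one where no-store does the work and the rest is belt-and-braces.
WEAK = {
    "Content-Type": "text/html",
    "Cache-Control": "private, max-age=0, must-revalidate",
    "Pragma": "no-cache",
}
HARDENED = {
    "Content-Type": "text/html",
    "Cache-Control": "no-store, no-cache, must-revalidate",
    "Pragma": "no-cache",
    "Expires": "0",
}


if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        cacheable, findings = assess_cache_headers(hdrs)
        print(f"{label}: cacheable={cacheable}")
        for f in findings:
            print("  -", f)
```

When testing, run the check against every response that renders or returns personal data, not just the login page: API responses consumed by front-end JavaScript are cached under the same rules as HTML documents.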

Custom Description

Impact

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References
