Secure Flag Not Set


Description

The application uses a cookie that is set without the Secure flag. The Secure flag is a cookie attribute that instructs browsers not to send the cookie over an insecure channel such as HTTP. The flag is accepted by all modern browsers and is formally defined in RFC 6265, the modern-day standard for HTTP state management.
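
One way to check a response for this finding, as an added example that is not part of the original page: the functions below parse `Set-Cookie` header values and return the names of cookies that lack the `Secure` attribute. The function names and the sample headers are constructed for illustration.

```python
# Added example: flag Set-Cookie header values that lack the Secure attribute.
# Parsing follows RFC 6265 section 5.2: split on ';', attribute names are
# case-insensitive, and Secure is matched by name only (any value is ignored).

def parse_set_cookie(header_value):
    """Return (cookie_name, {lowercased_attribute_name: value}) for one header value."""
    parts = header_value.split(";")
    name, sep, _value = parts[0].partition("=")
    if not sep:
        # RFC 6265: a name-value pair without '=' means the header is ignored.
        return "", {}
    attrs = {}
    for part in parts[1:]:
        attr_name, _, attr_value = part.partition("=")
        attr_name = attr_name.strip().lower()
        if attr_name:
            attrs[attr_name] = attr_value.strip()
    return name.strip(), attrs


def cookies_missing_secure(set_cookie_values):
    """Return the names of cookies whose Set-Cookie value has no Secure attribute."""
    missing = []
    for value in set_cookie_values:
        name, attrs = parse_set_cookie(value)
        if name and "secure" not in attrs:
            missing.append(name)
    return missing


# Constructed sample header values (not taken from a real application).
SAMPLE_SET_COOKIE = [
    "sessionid=abc123; Path=/; HttpOnly",              # finding: no Secure
    "csrftoken=xyz789; Path=/; Secure; SameSite=Lax",  # ok
    "prefs=dark; Path=/; secure",                      # ok: name is case-insensitive
    "tracking=1; Path=/; securetoken=1",               # finding: not the Secure attribute
]

if __name__ == "__main__":
    for cookie_name in cookies_missing_secure(SAMPLE_SET_COOKIE):
        print(f"Secure flag not set: {cookie_name}")
```
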

Custom Description

Impact

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References

 
