Sensitive Data In Cookie


The application stores sensitive information in the HTTP cookies. Attackers may gain access to sensitive information if cookies are transmitted or stored insecurely. In addition, cookies are often stored in multiple locations including proxy logs, server logs, and security device logs, among other places, potentially exposing the data to attackers with access to those locations.


Storing sensitive information in cookies is a risk to the application since attackers may expose cookies in a number of different ways. An attacker who can access a user’s cookies either locally, capture them in transit, or retrieve them from log files of devices such as proxies where they are often stored, can expose sensitive or personal information from the application.

Risk Rating


How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas



Subscribe here in order to gain access to the AppSec Findings Database


Leave a Reply