Web Application Session Cookies Flag Misconfiguration Detection Scanner

Details
Asset Type: DOMAIN, IP
Need Membership: Yes
Asset Verify: Yes
API Support: Yes
Estimated Time (Seconds): 15

Web Application Session Cookies Flag Misconfiguration Detection Scanner Detail

This tool can be used to examine HTTP services' cookie settings.

The scanner examines the cookies set by HTTP services. It reports any session cookie set without the HttpOnly flag, and any session cookie set over SSL without the Secure flag. If http-enum.nse is also run, any interesting paths it finds are checked in addition to the root.
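One way to implement the check described above, as an added example that is not the scanner's own code: it parses Set-Cookie header values and reports session cookies missing HttpOnly, and missing Secure when the response came over SSL/TLS. The session-name pattern, the function names and the sample headers are assumptions constructed for illustration.

```python
import re

# Assumption: a name heuristic for "session" cookies (not the scanner's own list).
SESSION_NAME = re.compile(r"sess|sid|auth|token", re.I)

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            # Attribute names are case-insensitive; only text after the
            # first ';' counts, so a cookie *value* cannot fake a flag.
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def audit_cookies(set_cookie_headers, over_tls):
    """Return [(cookie_name, [missing_flags])] for session cookies."""
    findings = []
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if not name or not SESSION_NAME.search(name):
            continue  # not a session cookie under the heuristic
        missing = []
        if "httponly" not in attrs:
            missing.append("httponly")
        # Secure is only reported for cookies set over SSL/TLS.
        if over_tls and "secure" not in attrs:
            missing.append("secure")
        if missing:
            findings.append((name, missing))
    return findings

# Constructed sample Set-Cookie header values.
SAMPLE = [
    "JSESSIONID=abc123; Path=/",
    "PHPSESSID=def456; path=/; HttpOnly",
    "session=xyz; Path=/; Secure; HttpOnly; SameSite=Lax",
    "theme=dark; Path=/",
    "sid=secure-httponly; Path=/",  # flag words inside the value only
]

if __name__ == "__main__":
    for name, missing in audit_cookies(SAMPLE, over_tls=True):
        print(f"{name}: missing {', '.join(missing)}")
```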

Some Advice for Common Problems

If possible, add the 'HttpOnly' attribute to all session cookies.

Host the web application on a server that only provides SSL (HTTPS).

Mark all cookies as 'secure'.
