Set-Cookie/EN: difference between revisions
Revision as of 15 March 2019, 14:00
Check of Set-Cookie
Check | Cookies are not secured.
Description | Cookies should be secured by setting the HttpOnly and Secure flags to ensure they cannot be read or altered by others.
Background | Checks whether or not cookies are secured.
Consequence | Unsecured cookies can be altered or read through a man-in-the-middle attack.
Solution/Tips | `HttpOnly` flag: set this so that cookies cannot be accessed by JavaScript. This protects session information from being stolen and misused, since whoever holds a session cookie is authenticated.
`Secure` flag: set this to ensure that cookies are only transmitted over encrypted (HTTPS) connections.
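The following is an added example, not code from the Siwecos project, showing how a check like the one described above can be performed: it parses the `Set-Cookie` header values of a response and reports every cookie that lacks the `HttpOnly` or `Secure` attribute. The sample header values are constructed for the example; attribute names are matched case-insensitively, as the cookie specification requires.

```python
"""Report cookies whose Set-Cookie header lacks HttpOnly or Secure (added example)."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class CookieCheck:
    name: str
    http_only: bool
    secure: bool

    @property
    def secured(self) -> bool:
        """A cookie counts as secured only when both flags are present."""
        return self.http_only and self.secure


def parse_set_cookie(header_value: str) -> CookieCheck:
    """Parse one Set-Cookie header value into a CookieCheck.

    The first ';'-separated part is 'name=value'; the remaining parts are
    attributes such as Path, HttpOnly or Secure. Attribute names are
    case-insensitive, so they are lower-cased before comparison.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return CookieCheck(name=name, http_only="httponly" in attrs, secure="secure" in attrs)


def check_set_cookie_headers(headers: List[str]) -> List[Tuple[str, List[str]]]:
    """Return (cookie name, missing flags) for every cookie that is not secured."""
    findings = []
    for value in headers:
        cookie = parse_set_cookie(value)
        missing = [
            flag for flag, present in (("HttpOnly", cookie.http_only), ("Secure", cookie.secure))
            if not present
        ]
        if missing:
            findings.append((cookie.name, missing))
    return findings


# Constructed sample Set-Cookie header values, as a scanner would see them in a response.
SAMPLE_HEADERS = [
    "PHPSESSID=abc123; Path=/",                                # neither flag set
    "tracking=xyz; Path=/; Secure",                            # HttpOnly missing
    "SID=def456; Path=/; HttpOnly; Secure; SameSite=Lax",      # secured
]

if __name__ == "__main__":
    for name, missing in check_set_cookie_headers(SAMPLE_HEADERS):
        print(f"cookie {name!r} is missing: {', '.join(missing)}")
```

Only cookies with at least one missing flag are reported, so an empty result means every cookie in the response carries both `HttpOnly` and `Secure`.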