Description

When a cookie is set with the Secure flag, it instructs the browser that the cookie can only be accessed over secure SSL channels. This is an important security protection for session cookies.

The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure flag is to prevent cookies from being observed by unauthorized parties due to the transmission of the cookie in clear text.

See how to fix it!

Risk

It is possible to steal or manipulate sessions and cookies, which might be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user.

How to set Secure flag in Cookie

Set secure flag in JAVA
Set secure flag in ASP.NET
Set secure flag in PHP
Set secure flag in Apache

Reference

https://www.owasp.org/index.php/SecureFlag

 

Share with your friends

appsec-labs-logo-007

No comments yet.

Leave a Reply

You must be logged in to post a comment.