Description

Caching improves the browsing experience by reducing latency, making better use of bandwidth and reducing the load on the web server.
Web pages that allow caching can be stored in the client's browser as well as in the proxies and gateways that sit between the client and the web server.
Instead of fetching a page from the origin server on every request, a browser or proxy can serve the stored copy it already holds.
Because cached copies can contain sensitive data, they must be protected from unauthorized access. For a web application this means preventing confidential responses from being cached at all, above all in the user's browser, where a later user of the same machine can read them from the cache or reach them with the Back button after logout.


Risk

Caching can cause the following security issues:

  • Unauthorized information disclosure through access to cached data
  • Information disclosure through cached HTTP POST responses
  • Escalation of privileges and user impersonation through cached session IDs and cookies

How to prevent Web Page Caching

Prevent Web Page Caching in ASP.NET
Prevent Web Page Caching in Java
Prevent Web Page Caching in PHP
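The three per-language pages linked above all come down to the same response headers: Cache-Control: no-store (together with no-cache and must-revalidate), Pragma: no-cache for HTTP/1.0 proxies, and an Expires value that is already in the past, sent on every response that carries confidential data. The following Python script is an added example, not code from this page or from AppSec Labs: it defines that header set and a checker that reports why a given response could still be cached (no-store missing, max-age greater than zero, a future Expires, no Pragma). The sample responses are constructed and the function names are mine.

```python
# Added example (not code from the original page): check whether an HTTP
# response that carries sensitive data could be stored by a browser or an
# intermediate cache, and show the header set that prevents it.
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import Dict, List

# Headers a response with confidential content should carry. "no-store" is the
# directive that actually forbids writing the body to disk; the rest cover
# HTTP/1.0 proxies (Pragma) and caches that only honour Expires.
NO_CACHE_HEADERS: Dict[str, str] = {
    "Cache-Control": "no-store, no-cache, must-revalidate, max-age=0",
    "Pragma": "no-cache",
    "Expires": "0",
}


def parse_cache_control(value: str) -> Dict[str, str]:
    """Split a Cache-Control value into {directive: argument}; argument may be ""."""
    directives: Dict[str, str] = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"')
    return directives


def expires_in_future(value: str) -> bool:
    """True if Expires is a valid HTTP date later than now. Invalid values
    (including the common "0" and "-1") count as already expired, which is
    how RFC 7234 tells caches to treat them."""
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return False
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return when > datetime.now(timezone.utc)


def cache_findings(headers: Dict[str, str]) -> List[str]:
    """Return the reasons a sensitive response could end up in a cache.
    An empty list means the headers forbid caching everywhere that matters."""
    lower = {k.lower(): v for k, v in headers.items()}
    findings: List[str] = []
    cc = parse_cache_control(lower.get("cache-control", ""))

    if "no-store" not in cc:
        findings.append("Cache-Control lacks no-store: body may be written to a browser or proxy cache")
    if "public" in cc:
        findings.append("Cache-Control: public lets shared proxies cache the response")
    try:
        if int(cc.get("max-age", "0")) > 0:
            findings.append("Cache-Control: max-age > 0 marks the response as fresh and reusable")
    except ValueError:
        findings.append("Cache-Control: max-age is not an integer")
    if lower.get("pragma", "").lower() != "no-cache":
        findings.append("Pragma: no-cache missing: HTTP/1.0 proxies may cache the response")
    if expires_in_future(lower.get("expires", "0")):
        findings.append("Expires is in the future: caches that ignore Cache-Control may keep it")
    return findings


# Constructed sample responses (hypothetical, not captured from any real site).
WEAK_RESPONSE: Dict[str, str] = {
    "Content-Type": "text/html; charset=utf-8",
    "Cache-Control": "private, max-age=3600",
    "Expires": "Thu, 01 Jan 2037 00:00:00 GMT",
    "Set-Cookie": "sessionid=abc123; HttpOnly",
}
HARDENED_RESPONSE: Dict[str, str] = {"Content-Type": "text/html; charset=utf-8", **NO_CACHE_HEADERS}


if __name__ == "__main__":
    for name, hdrs in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(name, cache_findings(hdrs) or ["ok"])
```

Running it reports no findings for the hardened header set and four for the weak one. Note that Cache-Control: private on its own, a common choice for logged-in pages, only keeps shared proxies out; the user's own browser still stores the page, which is exactly the copy the Back button and a shared machine expose.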

Reference

https://www.owasp.org/index.php/Testing_for_Logout_and_Browser_Cache_Management_(OWASP-AT-007)
