Forum Discussion

Nimbostratus

Nov 29, 2017

How to fix secure cookie parameter - finding of pen test

We had a pen test get done on newly deployed application. and one of their finding is When cookies are set which are used on the encrypted (HTTPS) part of the website, the Secure cookie paramete...

application delivery

LTM

AshuA_246482

Nimbostratus

Nov 29, 2017

Another finding : cookie & requestVerificationToken is set without the HttpOnly Cookie parameter

question : How to set cookie & requestVerificationToken with the HttpOnly Cookie parameter on LTM running on 11.6 Risk : When a cross-site scripting vulnerability is present, an attacker may unnecessarily be able to retrieve sensitive information from cookies. Recommendation: Supply the HttpOnly cookie parameter when the server sets a cookie through Set-Cookie.

Forum Discussion

How to fix secure cookie parameter - finding of pen test

Recent Discussions

Rundeck ansible F5 errors

What is the meaning is 52% block in WAF

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

Using ChatGPT for security and introduction of AI security

HTTP Multipart and Security Implications

Auditing Security Policy Updates

Using Distributed Application Security Policies in Secure Multicloud Networking Customer Edge Sites

Minimizing Security Complexity: Managing Distributed WAF Policies