Support #11508

Support #11289: [SCP ID :##5584##] : PCI DSS: Web and Mobile SAP Remediation

Pentest-IBAM (M1) - TLS Cookie Without Secure Flag Set

Added by Nurul Athira Abdul Rahim over 3 years ago. Updated over 2 years ago.

Status: Dropped-End of life cycle
Start date: January 26, 2021
Priority: Normal
Due date:
Assignee: Chun Feng Lim
% Done: 0%
Category: -
Spent time: -
Target version: -

Description

Solution from lgms

The Secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.
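
One way to verify the remediation described above: audit the `Set-Cookie` headers of an HTTPS response and list every cookie that lacks the Secure attribute. This is an added example, not part of the original ticket or the vendor's report; the sample response, the cookie names and the `SESSION_HINTS` naming heuristic are constructed assumptions.

```python
# Added example: flag cookies set over HTTPS without the Secure attribute.
# SESSION_HINTS is an assumed heuristic for spotting session/auth cookies by name.
SESSION_HINTS = ("sess", "sid", "token", "auth")


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, set of lowercase attribute names)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, _value = parts[0].partition("=")
    # Attribute names are case-insensitive; Secure and HttpOnly carry no value.
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name.strip(), attrs


def audit_cookies(raw_headers):
    """Return [(cookie_name, severity)] for cookies missing the Secure attribute."""
    findings = []
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            # Session-like cookies are the ones the finding is most concerned with.
            is_session = any(h in name.lower() for h in SESSION_HINTS)
            findings.append((name, "high" if is_session else "review"))
    return findings


# Constructed sample response headers (not taken from the assessed application).
SAMPLE = """\
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: JSESSIONID=abc123; Path=/; HttpOnly
Set-Cookie: lang=en; Path=/
Set-Cookie: csrf_token=xyz; Path=/; Secure; HttpOnly
Set-Cookie: theme=dark; Path=/; SECURE
"""

if __name__ == "__main__":
    for name, severity in audit_cookies(SAMPLE):
        print(f"[{severity}] cookie '{name}' is set without the Secure attribute")
```
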

History

#1 Updated by Nurul Athira Abdul Rahim over 2 years ago

  • Status changed from New - Begin Life Cycle to Dropped-End of life cycle
