Support #11508
Support #11289: [SCP ID :##5584##] : PCI DSS: Web and Mobile SAP Remediation
Pentest-IBAM (M1) - TLS Cookie Without Secure Flag Set
| Status: | Dropped-End of life cycle | Start date: | January 26, 2021 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | Chun Feng Lim | % Done: | 0% |
| Category: | - | Spent time: | - |
| Target version: | - | | |
Description
Solution from lgms
The Secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.
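To verify the remediation, the `Set-Cookie` headers returned over HTTPS can be audited for the missing attribute. The following is an added example, not part of the original ticket or the vendor's report; the cookie names and header values are constructed samples, and the function names are hypothetical.

```python
"""Audit Set-Cookie header values captured from HTTPS responses for a missing Secure attribute."""


def parse_set_cookie(header_value):
    """Return (cookie name, set of lower-cased attribute names) for one Set-Cookie value."""
    parts = header_value.split(";")
    # The first segment is always name=value; only the name is needed here.
    name = parts[0].split("=", 1)[0].strip()
    # Everything after the first ';' is an attribute. Attribute names are
    # case-insensitive, and Secure carries no value.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p.strip()}
    return name, attrs


def cookies_missing_secure(set_cookie_values):
    """Return the names of cookies whose Set-Cookie value lacks the Secure attribute."""
    missing = []
    for value in set_cookie_values:
        name, attrs = parse_set_cookie(value)
        if name and "secure" not in attrs:
            missing.append(name)
    return missing


# Constructed sample headers (not taken from the assessed application).
SAMPLE_HEADERS = [
    "JSESSIONID=8f3a1c; Path=/; HttpOnly",                      # Secure absent
    "auth_token=abc123; Path=/; secure; HttpOnly",              # lower-case attribute counts
    "secure=1; Path=/",                                         # cookie named "secure", attribute absent
    "prefs=theme=secure; Path=/; SameSite=Lax",                 # "secure" appears only in the value
    "lang=en; Expires=Wed, 21 Oct 2026 07:28:00 GMT; Secure",   # comma in Expires is not a separator
]

if __name__ == "__main__":
    for cookie_name in cookies_missing_secure(SAMPLE_HEADERS):
        print(f"missing Secure: {cookie_name}")
```

A plain substring search for "secure" would wrongly pass the third and fourth samples, which is why the check parses attributes separately from the name and value.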
History
#1 Updated by Nurul Athira Abdul Rahim over 2 years ago
- Status changed from New - Begin Life Cycle to Dropped-End of life cycle