Cookie-related issues are among the most common vulnerabilities identified in websites.

 
1. In the first place, use cookies only if they are really needed. For example, some web reporting/analytics tools use cookies to remember a user so they can track the user experience.

2. If you use cookies, make them HttpOnly and Secure. This can be done in the application server configuration.

3. If you use cookies, set the expiry time to only as long as you need; don't leave them forever unless that is mandatory. The cookie has an expiry parameter for this.

4. Obviously, don't store any sensitive data in a cookie. It can easily be read or tampered with.
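The two checks from points 2 and 3 can be automated. The following is an added example (not code from the original post): a helper that builds a Set-Cookie header with the HttpOnly, Secure and bounded expiry attributes, and an audit function that flags any Set-Cookie header value missing them or carrying an unreasonably long lifetime. The eight-hour limit (MAX_LIFETIME_SECONDS), the SameSite attribute and the sample header values are assumptions chosen for the example.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie
from typing import List, Optional

# Longest lifetime considered acceptable for a session cookie.
# Assumption for this example: 8 hours; tune to the application's needs.
MAX_LIFETIME_SECONDS = 8 * 3600


def build_session_cookie(name: str, value: str, max_age_seconds: int = 1800) -> str:
    """Return a Set-Cookie header value carrying the hardening attributes from the post."""
    jar = SimpleCookie()
    jar[name] = value
    morsel = jar[name]
    morsel["httponly"] = True            # not readable from script (document.cookie)
    morsel["secure"] = True              # only sent over HTTPS
    morsel["samesite"] = "Strict"        # extra CSRF protection (assumption, not in the post)
    morsel["path"] = "/"
    morsel["max-age"] = max_age_seconds  # explicit, bounded expiry (point 3)
    return morsel.OutputString()


def audit_set_cookie(header_value: str, now: Optional[datetime] = None) -> List[str]:
    """Check one Set-Cookie header value and return a list of findings (empty means OK)."""
    now = now or datetime.now(timezone.utc)
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    # parts[0] is name=value; the rest are attributes, matched case-insensitively
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()

    findings = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    if "secure" not in attrs:
        findings.append("missing Secure")

    # RFC 6265: Max-Age takes precedence over Expires when both are present
    if "max-age" in attrs:
        try:
            if int(attrs["max-age"]) > MAX_LIFETIME_SECONDS:
                findings.append("Max-Age too long")
        except ValueError:
            findings.append("Max-Age not an integer")
    elif "expires" in attrs:
        try:
            expires = parsedate_to_datetime(attrs["expires"])
            if expires.tzinfo is None:
                expires = expires.replace(tzinfo=timezone.utc)
            if expires - now > timedelta(seconds=MAX_LIFETIME_SECONDS):
                findings.append("Expires too far in the future")
        except (TypeError, ValueError):
            findings.append("Expires not parseable")
    return findings


# Constructed sample headers for the demonstration (not taken from any real site).
SAMPLE_HEADERS = {
    "weak":    "sid=abc123; Path=/",
    "forever": "sid=abc123; Path=/; HttpOnly; Secure; Max-Age=315360000",
    "good":    build_session_cookie("sid", "abc123"),
}

if __name__ == "__main__":
    for label, header in SAMPLE_HEADERS.items():
        print(f"{label:8} {header}")
        print(f"{'':8} findings: {audit_set_cookie(header) or 'none'}")
```

The audit function is meant to be run over the Set-Cookie headers of a test response (for example, what a proxy or an integration test captures), so that a deployment that silently drops the HttpOnly or Secure flag is caught before release rather than in a penetration test.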
 
For further reading, refer to the official OWASP page: OWASP HTTPOnly

Review cookie related security risks and avoid them