LogoLogo
APISupportDashboard
  • Welcome
  • Platform
    • Platform Overview
    • Getting Started Guide
    • Discovery
      • Domain Discovery
      • Network Discovery
      • Discovered Assets
    • Targets
      • Scan Policies
      • Add-on Services
      • Tags & Filtering
        • Default Tags
      • Managing Targets
      • Scan Configuration
    • Risk
    • Firewalls
      • Ports
      • HTTP Servers
      • DNS Records
    • Websites
      • Certificates
      • Scripts
      • Cookies
      • Headers
      • Forms
      • Links
      • Downloads
      • Traffic Hosts
      • Meta Tags
      • Pages
    • Technology
    • Issues
      • Vulnerability Management
      • Issue Settings
    • Reports
    • Compliance
    • Projects
      • Penetration Testing
      • Other Projects
    • Events
      • Event Rules
      • Event Types
    • Automations
      • Target Automations
      • Asset Automations
      • Target Issue Automations
  • Integrations
    • Discovery Integrations
      • Azure
      • Google Cloud
      • AWS
      • Cloudflare
      • Oracle Cloud Infrastructure
      • F5
      • GoDaddy
      • Wiz
      • HTTP
    • Workflow Integrations
      • Slack
      • Google Chat
      • Jira
      • PagerDuty
      • Splunk
      • AWS
      • Vanta
      • Microsoft Teams
      • ArmorCode
      • Zapier
        • Slack (via Zapier)
        • Jira (via Zapier)
        • Service Now (via Zapier)
    • Feeds
      • Using Feeds with Google Sheets
    • API
    • Webhooks
  • Account
    • Account Overview
      • Account Security
    • Users
      • Roles & Permissions
Powered by GitBook

© 2024 Halo Security

On this page
  • Use Cases
  • Detection
  • Risk
  • Monitoring
  • Pages

Was this helpful?

  1. Platform
  2. Websites

Cookies

Keep track of cookies and their attributes.

PreviousScriptsNextHeaders

Last updated 3 months ago

Was this helpful?

The Cookies section allows you to monitor cookies and their attributes

Use Cases

  • Discover cookies that may pose a risk due to lacking security attributes. Cookies that lack security attributes can potentially be used to escalate attacks on the users of your site.

  • Identify which hosts are setting cookies.

Detection

During the crawling process, the scanner collects all cookies that are issued in server responses.

Risk

Risk is assigned by verifying that:

  • Medium (● Yellow): The "secure" attribute is missing on an HTTPS cookie, or the HttpOnly attribute is missing from a session cookie.

  • Low (● Green): No significant risks are associated with the cookie.

Cookies rated Medium risk will create .

We recommend fixing Medium risk issues immediately.

Monitoring

Learn more about events at:

Pages

Cookies can be monitored for changes by toggling their monitor status on the page. If a change is detected it will trigger a website-cookie-monitor-change event so you can be immediately notified.

: Displays your risk rating associated with identified cookies as well as metrics on cookie attributes and expirations, and monitored hosts.

: Displays which targets offering cookies are acknowledged and what security attributes are set.

: Lists every cookie found per target with extended details about expiration and other attributes. Toggle monitor status of cookies.

: Names of every cookie identified and number of times they were seen.

: List of hosts from all domain attributes and metrics.

: Changes in cookies between current and previous scans.

issues
List
Events
Overview
Summary
List
Names
Domains
Changes