Cookies

The Cookies section allows you to monitor cookies and their attributes

Use Cases

• Discover cookies that may pose a risk due to lacking security attributes. Cookies that lack security attributes can potentially be used to escalate attacks on the users of your site.

• Identify which hosts are setting cookies.

Detection

During the crawling process, the scanner collects all cookies that are issued in server responses.

Risk

Risk is assigned by verifying that:

• Medium (● Yellow): The "secure" attribute is missing on an HTTPS cookie, or the HttpOnly attribute is missing from a session cookie.

• Low (● Green): No significant risks are associated with the cookie.

Cookies rated Medium risk will create issues.

Monitoring

Cookies can be monitored for changes by toggling their monitor status on the List page. If a change is detected it will trigger a website-cookie-monitor-change event so you can be immediately notified.

Learn more about events at:

Pages

• Overview: Displays your risk rating associated with identified cookies as well as metrics on cookie attributes and expirations, and monitored hosts.

• Summary: Displays which targets offering cookies are acknowledged and what security attributes are set.

• List: Lists every cookie found per target with extended details about expiration and other attributes. Toggle monitor status of cookies.

• Names: Names of every cookie identified and number of times they were seen.

• Domains: List of hosts from all domain attributes and metrics.

• Changes: Changes in cookies between current and previous scans.