Security Test: Frontend Guessable Cookie Value¶

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	Frontend Scanner

Description¶

Default Severity:

Using easily guessable values for cookies can make your application vulnerable to session hijacking and other security issues. Attackers could potentially guess valid cookie values and impersonate legitimate users.

Reference:

https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html

Configuration¶

Identifier: frontend_information_disclosure/guessable_cookie_value

Examples¶

All configuration available:

checks:
  frontend_information_disclosure/guessable_cookie_value:
    skip: false # default

Compliance and Standards¶

Standard	Value
OWASP API Top 10	API2:2023
OWASP LLM Top 10	LLM06:2023
PCI DSS	`6.5.10`
GDPR	`Article-32`
SOC2	`CC1`
PSD2	`Article-95`
ISO 27001	`A.18.1`
NIST	`SP800-53`
FedRAMP	`AC-4`
CWE	`330`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:H/RL:O/RC:C`
CVSS Score	`6.5`