Information Disclosure: Frontend Guessable Cookie Value¶

Identifier: guessable_cookie_value

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner

Description¶

Using easily guessable values for cookies can make your application vulnerable to session hijacking and other security issues. Attackers could potentially guess valid cookie values and impersonate legitimate users.

References:

https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html

Configuration¶

Example¶

Example configuration:

---
security_tests:
  guessable_cookie_value:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference¶

`assets_allowed`¶

Type : List[AssetType]*

List of assets that this check will cover.

`skip`¶

Type : boolean

Skip the test if true.