This test verifies if the 'secure' attribute is properly set in HTTP response header 'set-cookie' field to ensure secure cookie transmission.
Security Misconfiguration (SM)
How this template works
The template uses API selection filters to specify the criteria for selecting the API requests to be executed. In this case, it filters the requests based on the response code (between 200 and 299) and the absence of the "secure" attribute in the "Set-Cookie" response header.
The template executes a single request by modifying the URL using the value extracted from the "urlVar" variable. This allows the template to dynamically generate the request URL based on the previous response.
The template validates the response headers to ensure that the "Set-Cookie" header does not contain the "secure" attribute. It uses a regular expression to match any value that does not contain the word "secure". This validation helps identify potential cookie misconfigurations that could compromise the security and privacy of user information.
Frequently asked questions
What is the purpose of the "secure" attribute in the "set-cookie" header field
How does the absence of the "secure" flag in the "set-cookie" header impact security
What are the potential consequences of a misconfigured "set-cookie" header without the "secure" attribute
How does this test validate the presence of the "secure" attribute in the "set-cookie" header
Can the absence of the "secure" flag in the "set-cookie" header be exploited by attackers
Are there any specific standards or guidelines that recommend the use of the "secure" attribute in the "set-cookie" header