Forum Discussion
boneyard
Jun 07, 2012 · MVP
ASM violation: Modified domain cookie(s)
I'm getting this violation. From the info provided by the ASM, it seems to happen when the cookie is first set; am I correct on that? It feels like this is quite a common thing to happen, is it some you...
BT_90520
Jun 12, 2012 · Nimbostratus
If you take a look at the ASM policy > Blocking > Settings, that violation is alerted when you enable it under the option "Modified domain cookie(s)", or even subsequently for the other cookie violations "ASM Cookie Hijacking" and "Modified ASM cookie". Importantly, they are triggered as you configured in Headers : Cookies : Cookies. There are two types of cookie which will trigger the violation, especially the Enforced cookie:
a) Enforced cookies - may not be changed by the client
b) Allowed cookies - may be changed by the client.
As for the extra message, OWASP has good info on Session Management Schema. Cookie manipulation is a key component for bypass and tamper. Not sure if this is what you are expecting though: https://www.owasp.org/index.php/Testing_for_Session_Management_Schema_(OWASP-SM-001)
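The enforced/allowed distinction in the reply above, as an added example that is not part of the original thread and not F5's code: a generic integrity check in which a proxy tags the enforced cookies it sees being set and flags any that later come back changed or untagged. The key, the cookie names, the policy table and the `integrity_` prefix are all assumptions made for the illustration.

```python
import hashlib
import hmac

# Constructed demo values: key, cookie names and policy are assumptions.
PROXY_KEY = b"demo-key-not-for-production"
POLICY = {"session_id": "enforced", "ui_theme": "allowed"}
TAG_PREFIX = "integrity_"  # hypothetical companion-cookie prefix


def _tag(name, value):
    """HMAC-SHA256 over the cookie name and value, hex encoded."""
    msg = name.encode() + b"=" + value.encode()
    return hmac.new(PROXY_KEY, msg, hashlib.sha256).hexdigest()


def protect_response(set_cookies):
    """Add an integrity cookie for every enforced cookie the app sets."""
    out = dict(set_cookies)
    for name, value in set_cookies.items():
        if POLICY.get(name) == "enforced":
            out[TAG_PREFIX + name] = _tag(name, value)
    return out


def check_request(cookies):
    """Return the enforced cookies whose value changed or that arrive
    without a valid integrity cookie."""
    violations = []
    for name, value in cookies.items():
        if POLICY.get(name) != "enforced":
            continue  # allowed (or unlisted) cookies may be changed by the client
        presented = cookies.get(TAG_PREFIX + name, "")
        if not hmac.compare_digest(presented.encode(), _tag(name, value).encode()):
            violations.append(name)
    return violations


if __name__ == "__main__":
    jar = protect_response({"session_id": "abc123", "ui_theme": "dark"})
    print(check_request(jar))                               # untouched jar
    print(check_request({**jar, "ui_theme": "light"}))      # allowed cookie changed
    print(check_request({**jar, "session_id": "zzz999"}))   # enforced cookie changed
    print(check_request({"session_id": "abc123"}))          # cookie the proxy never tagged
```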