For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

AshuA_246482's avatar
AshuA_246482
Icon for Nimbostratus rankNimbostratus
Nov 29, 2017

How to fix secure cookie parameter - finding of pen test

We had a pen test get done on newly deployed application. and one of their finding is   When cookies are set which are used on the encrypted (HTTPS) part of the website, the Secure cookie paramete...
application delivery
LTM
AshuA_246482's avatar
AshuA_246482
Icon for Nimbostratus rankNimbostratus
Nov 29, 2017

2 These cookies are used on the encrypted (HTTPS) part of the website. Because they are not marked as Secure, these cookies will also be sent through unencrypted connections to the server. 3.When cookies are transmitted over an unencrypted connection, and an attacker is able to place himself between a victim's browser and the web server, the attacker will be able to intercept the contents of the cookies. 4.Supply the cookie parameter Secure when setting a cookie intended for the part of the application where encryption is used.

 

How to fix this finding ?