Forum Discussion

Nimbostratus

8 years ago

How to fix secure cookie parameter - finding of pen test

We had a pen test get done on newly deployed application. and one of their finding is When cookies are set which are used on the encrypted (HTTPS) part of the website, the Secure cookie paramete...

application delivery

LTM

AshuA_246482

Nimbostratus

8 years ago

Another finding : cookie & requestVerificationToken is set without the HttpOnly Cookie parameter

question : How to set cookie & requestVerificationToken with the HttpOnly Cookie parameter on LTM running on 11.6 Risk : When a cross-site scripting vulnerability is present, an attacker may unnecessarily be able to retrieve sensitive information from cookies. Recommendation: Supply the HttpOnly cookie parameter when the server sets a cookie through Set-Cookie.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

How to fix secure cookie parameter - finding of pen test

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

Changes to DO and AS3 GitHub - no longer monitored

SSL Forward Proxy, iRules and Client Hello

monitor/healthcheck issue with envoy gateway

Recommendation for Adv. Lab

How to Verify config before loading to F5

Related Content

Quarterly Security Notification October 2025

Positive Security vs. Negative Security: A Comparison Using F5's Security Portfolio

Deploying the F5 AI Security Certified OpenShift Operator: A Validated Playbook

BIG-IP security hardening and compliance checks

What is Shape Security?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS