vulnerability scanning
2 Topics

Session Cookie Does Not Contain the "Secure" Attribute
We attempted to resolve this vulnerability by enabling the secure attribute in cookies and also by implementing iRules. However, the vulnerability is still identified in the Qualys scan. Could you please assist in resolving this vulnerability? Thanks in advance.
48 Views, 0 likes, 3 Comments

How could I exclude Vulnerability scanners from Session Tracking?
I have enabled session tracking on an application and it has quickly blocked my vulnerability scanner. Of course this is "scan interference" and makes the results invalid. The options on the IP Address Exceptions page allow me to "Never Block" the IP, but then I get false results and ASM is not providing any protection. Because I've seen that when blocked by Session Tracking the other violations were still recorded in the logs I thought this may work as an iRule:

    when ASM_REQUEST_DONE {
        if { ([ASM::violation count] equals 1) && ([ASM::violation names] eq "VIOL_SESSION_AWARENESS") && ([IP::addr [IP::client_addr] equals n.n.n.n]) } {
            ASM::unblock
        }
    }

But it didn't, the connections were still blocked when the session tracking count was reached. Can anyone suggest something to try next?
Solved, 892 Views, 0 likes, 6 Comments