Cookie Slack Detector

Risk:
Informational

Type:
Active

CWE:
CWE-205

Summary: Repeated GET requests: drop a different cookie each time, followed by normal request with all cookies to stabilize session, compare responses against original baseline GET. This can reveal areas where cookie based authentication/attributes are not actually enforced.

References: https://cwe.mitre.org/data/definitions/205.html

Free security scan for your website

Don't show website scan report rating on the leaderboard