Introducing the Security of Cookies Whitepaper

This blog post announces the publication of a Security of Cookies Whitepaper by Netsparker security researchers. The white paper discusses why cookies are used in applications, how they work, their attributes, and how to modify them. It analyzes the protection and security of session cookies, concluding with recommendations for extra measures.

We have just published a Security of Cookies Whitepaper. Cookies and session IDs play an important part in website security. Their role is to ensure that users who send requests to a website are allowed access to restricted areas. Applications use cookies and session objects to allow for secure storage of session related data on the server side.

Our white paper discusses the following key topics:

How cookies work
Attributes of cookies
Modifying cookies with JavaScript
Session cookies
Analyzing sessions
Cookie prefixes

The white paper gives special attention to options for protecting and hiding cookie sessions, as well as examining cookie attributes in terms of security. All the components of the cookies that might make an attack surface are discussed, with possible attacks, their effects, and methods of protection. It concludes by suggesting extra measures for a secure session. This Whitepaper is jointly authored by Ziyahan Albeniz, Sven Morgenroth and Umran Yildirimkaya.

Introducing the Security of Cookies Whitepaper

Related Articles

SQL Injection Cheat Sheet

HTTP security headers: An easy way to harden your web applications

How you can disable directory listing on your web server – and why you should

JSON injection