Introducing the Security of Cookies Whitepaper
This blog post announces the publication of a Security of Cookies Whitepaper by Netsparker security researchers. The white paper discusses why cookies are used in applications, how they work, their attributes, and how to modify them. It analyzes the protection and security of session cookies, concluding with recommendations for extra measures.
Our white paper discusses the following key topics:
- How cookies work
- Attributes of cookies
- Session cookies
- Analyzing sessions
- Cookie prefixes
The white paper gives special attention to options for protecting and hiding cookie sessions, and examines cookie attributes in terms of security. It discusses every component of a cookie that might form part of the attack surface, along with possible attacks, their effects, and methods of protection. It concludes by suggesting extra measures for a secure session.
This white paper is jointly authored by Ziyahan Albeniz, Sven Morgenroth and Umran Yildirimkaya.