Introducing the Security of Cookies Whitepaper

Category: Web Security Readings - Last Updated: Fri, 01 Mar 2019 - by Ziyahan Albeniz

We have just published a Security of Cookies Whitepaper. Cookies and session IDs play an important part in website security. Their role is to ensure that users who send requests to a website are allowed access to restricted areas. Applications use cookies and session objects to allow for secure storage of session related data on the server side.

Our white paper discusses the following key topics:

  • How cookies work
  • Attributes of cookies
  • Modifying cookies with JavaScript
  • Session cookies
  • Analyzing sessions
  • Cookie prefixes

The white paper gives special attention to options for protecting and hiding cookie sessions, as well as examining cookie attributes in terms of security. All the components of the cookies that might make an attack surface are discussed, with possible attacks, their effects, and methods of protection. It concludes by suggesting extra measures for a secure session.

This Whitepaper is jointly authored by Ziyahan Albeniz, Sven Morgenroth and Umran Yildirimkaya.


Keep up with the latest web security
content with weekly updates.