Recently, I came across a PEN (penetration) testing issue. Here are the details.
All cookies are required to have the 'HttpOnly' and 'Secure' flags set. A missing flag of either kind may be reported as a PEN finding.
I made the changes below to fix this issue. The main objective of sharing these details here is the hope that they will help others.
In the web.xml file, make the changes below and check the result using HttpWatch in IE or TamperData in Firefox.
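As an added example that is not part of the original post, the following Python script does the same check that HttpWatch or TamperData is used for above: it parses raw Set-Cookie header values and reports any cookie that lacks either flag. The header values are constructed samples.

```python
# Added example (not the original post's code): audit Set-Cookie headers for the
# HttpOnly and Secure flags. Input is a list of raw Set-Cookie header values;
# the sample values below are constructed for illustration.

def cookie_flags(set_cookie: str) -> dict:
    """Parse one Set-Cookie header value into its cookie name and flag booleans."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive (RFC 6265), so compare lower-cased.
    attrs = {p.lower() for p in parts[1:]}
    return {
        "name": name,
        "httponly": "httponly" in attrs,
        "secure": "secure" in attrs,
    }

def find_missing_flags(headers):
    """Return {cookie_name: [missing flags]} for every cookie lacking a flag."""
    findings = {}
    for header in headers:
        info = cookie_flags(header)
        missing = [flag for flag in ("httponly", "secure") if not info[flag]]
        if missing:
            findings[info["name"]] = missing
    return findings

# Constructed sample responses: one compliant cookie, two that would be findings.
SAMPLE_HEADERS = [
    "JSESSIONID=ABC123; Path=/; HttpOnly; Secure",
    "tracker=1; Path=/; Max-Age=3600",
    "prefs=dark; Path=/; Secure",
]

if __name__ == "__main__":
    for name, missing in find_missing_flags(SAMPLE_HEADERS).items():
        print(f"{name}: missing {', '.join(missing)}")
```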
Below are the reference URLs for more details.
Here are some PEN testing tools. Have a look at them.
Happy Coding!
Stay tuned for more updates.
Have a nice day 🙂