The main purpose of an HTTP cookie is to identify a user and to serve customized Web pages based on that user's profile. Cookie poisoning is the act of an attacker modifying a cookie in order to abuse the functionality of an application, for example by editing a role or user-id value that the server trusts without verification. There are three areas of potential security risk with cookies:
1. Sensitive information may be stored in the cookie in plaintext, which is not recommended. A malicious user can sniff the connection and capture any data transmitted over the network, so cookies must only travel over TLS. Encryption on its own does not stop poisoning, because the attacker can still replay or replace the value; the cookie also needs an integrity check (for example an HMAC tag), or better, it should carry only an opaque session identifier while the sensitive data stays server-side.
2. The developer may not have set the HttpOnly attribute. HttpOnly limits the damage done in case of an XSS vulnerability, because script running in the page cannot read the cookie.
3. The developer may not have set the Secure attribute. If Secure is not used, the browser also sends the cookie over plaintext HTTP, and the risk is a man-in-the-middle attack that captures or rewrites it.
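The following is an added example, not code from the original page or from ShiftLeft; it shows the servlet pattern the three risks above describe. A vulnerable servlet stores the user's role in a plaintext cookie without HttpOnly or Secure and later trusts that cookie, so changing it to role=admin grants access. The hardened variant signs the value with HMAC-SHA256, verifies the tag in constant time, and sets HttpOnly and Secure. It assumes the javax.servlet API (Servlet 3.0 or later, for setHttpOnly) on the classpath; the cookie name, the COOKIE_HMAC_KEY environment variable and the servlet mapping (left to web.xml) are assumptions.

```java
// Added example (not from the original page): vulnerable vs hardened cookie handling.
// Assumes javax.servlet 3.0+; the key source (COOKIE_HMAC_KEY) and cookie name are assumptions.
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class CookieExamples {

    // getCookies() returns null when the request carries no Cookie header
    static Cookie[] cookiesOf(HttpServletRequest req) {
        Cookie[] cs = req.getCookies();
        return cs == null ? new Cookie[0] : cs;
    }

    // VULNERABLE: plaintext role, no HttpOnly, no Secure. The value flows from
    // the Cookie constructor straight into addCookie and is later trusted as-is.
    public static class VulnerableLogin extends HttpServlet {
        @Override
        protected void doPost(HttpServletRequest req, HttpServletResponse resp) {
            resp.addCookie(new Cookie("role", "user"));
        }
    }

    public static class VulnerableAdmin extends HttpServlet {
        @Override
        protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
            for (Cookie c : cookiesOf(req)) {
                // Poisoned cookie "role=admin" reaches this branch
                if ("role".equals(c.getName()) && "admin".equals(c.getValue())) {
                    resp.getWriter().println("admin panel");
                    return;
                }
            }
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }

    // Assumption: a secret of at least 32 characters supplied out of band via the environment
    private static byte[] key() {
        String k = System.getenv("COOKIE_HMAC_KEY");
        if (k == null || k.length() < 32) {
            throw new IllegalStateException("COOKIE_HMAC_KEY must be set to at least 32 characters");
        }
        return k.getBytes(StandardCharsets.UTF_8);
    }

    // value + "." + base64url(HMAC-SHA256(value)); base64url without padding is cookie-safe
    static String sign(String value) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key(), "HmacSHA256"));
        byte[] tag = mac.doFinal(value.getBytes(StandardCharsets.UTF_8));
        return value + "." + Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    // Returns the verified value, or null if the cookie is absent, malformed or tampered with
    static String verify(String cookieValue) throws GeneralSecurityException {
        if (cookieValue == null) return null;
        int dot = cookieValue.lastIndexOf('.');   // tag contains no '.', so this is the separator
        if (dot < 0) return null;
        String value = cookieValue.substring(0, dot);
        byte[] expected = sign(value).getBytes(StandardCharsets.UTF_8);
        byte[] actual = cookieValue.getBytes(StandardCharsets.UTF_8);
        // constant-time comparison so the tag cannot be recovered byte by byte
        return MessageDigest.isEqual(expected, actual) ? value : null;
    }

    // HARDENED: signed value, HttpOnly (unreadable by script after XSS), Secure (HTTPS only)
    public static class HardenedLogin extends HttpServlet {
        @Override
        protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
            try {
                Cookie role = new Cookie("role", sign("user"));
                role.setHttpOnly(true);
                role.setSecure(true);
                role.setPath("/");
                role.setMaxAge(3600);
                resp.addCookie(role);
            } catch (GeneralSecurityException e) {
                resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            }
        }
    }

    public static class HardenedAdmin extends HttpServlet {
        @Override
        protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
            try {
                for (Cookie c : cookiesOf(req)) {
                    if ("role".equals(c.getName()) && "admin".equals(verify(c.getValue()))) {
                        resp.getWriter().println("admin panel");
                        return;
                    }
                }
            } catch (GeneralSecurityException e) {
                resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                return;
            }
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }
}
```

The HMAC makes a forged or edited role detectable, but a captured signed cookie can still be replayed until it expires, which is why the Secure flag and a short max-age matter. The stronger design is to keep the role in the server-side session and put only a random session identifier in the cookie, so there is no client-held value to poison at all.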
Using Ocular, you can identify cookie poisoning vulnerabilities by running the following queries in the Ocular shell. The first pair tracks values passed to a Cookie constructor that reach response.addCookie, i.e. cookies that are created and sent to the client:

```scala
// Flow 1: arguments of any Cookie constructor that reach an addCookie call
def source = cpg.method.fullName(".*Cookie.<init>.*").parameter
def sink = cpg.method.name("addCookie").parameter
sink.reachableByFlows(source).p
```

The second pair tracks cookie data passed to addCookie that reaches a RequestDispatcher.forward call, i.e. cookie values that influence where a request is forwarded:

```scala
// Flow 2: arguments of addCookie that reach javax.servlet.RequestDispatcher.forward
def source = cpg.method.name("addCookie").parameter
def sink = cpg.method.fullName(".*javax.servlet.RequestDispatcher.forward.*").parameter
sink.reachableByFlows(source).p
```