Skip to content

Security Cipher

  • Home
  • Blog
  • About Us
  • Resources
    • Security Terminologies
    • Vulnerability Explain
    • Secure Code Explain
    • Linux Commands
    • AWS Cloud Security Checklist
  • My Resume
Contact Us

Secure Code Explain

  • DOM Cross-Site-Scripting (XSS)
  • Stored Cross-Site-Scripting (XSS)
  • Reflected Cross-Site-Scripting (XSS)
  • SQL Injection
  • XXE Injection
  • Remote File Inclusion (RFI)
  • Local File Inclusion
  • Clickjacking
  • Remote Code Execution (RCE)
  • Insecure direct object references (IDOR)
  • Secure Cookie not set
  • Log Injection
  • Cross-Site Request Forgery (CSRF)
  • HttpOnly Flag not set

Vulnerability Explain

  • SQL Injection
  • Cross-Site-Scripting (XSS)
  • Home
  • Secure Code Explain
  • HttpOnly Flag not set

HttpOnly Flag not set

Table of Contents
  • 🥺 Vulnerable Code
  • 😎 Secure Code

Here is an example of code where httponly flag is not set with session token cookie:

🥺 Vulnerable Code #

Cookie cookie = new Cookie("sessionToken", sessionTokenValue); 
response.addCookie(cookie);

😎 Secure Code #

To secure the code, you can set the “HttpOnly” flag on the cookie to prevent it from being accessed by client-side scripts. This can help to mitigate certain types of cross-site scripting (XSS) attacks:

Cookie cookie = new Cookie("sessionToken", sessionTokenValue); 
cookie.setHttpOnly(true); 
response.addCookie(cookie);

Share This Article :
  • Facebook
  • Twitter
  • LinkedIn
  • Pinterest
Cross-Site Request Forgery (CSRF)

Leave a Reply Cancel reply

Table of Contents
  • 🥺 Vulnerable Code
  • 😎 Secure Code
logo name

Learn penetration Testing …

Instagram Twitter Youtube Telegram Linkedin

Useful Links

Blogs
About
Contact

Recent Post

  • Threat Modeling : Everything You Need to Know for Web Application Security
  • How to Conduct a Successful Penetration Test: A Step-by-Step Guide
  • OSV-Scanner: Protecting Your Open-Source Dependencies

Subscribe Now

Don’t miss our future updates! Get Subscribed Today!

Subscription Form

By entering your email, you agree to our terms & Conditions and Privacy policy.

©2023. Security Cipher. All Rights Reserved.

Privacy Policies
Terms & Conditions