Missing 'Secure' attribute in cookie configuration
- Rule ID: java_lang_cookie_missing_secure
- Languages: java
- Source: cookie_missing_secure.yml
When set to "true", the "Secure" attribute ensures that a client only sends the cookie to the server over HTTPS. This prevents the cookie from being observed by unauthorized third parties.
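The description above, as an added example that is not part of Bearer's rule documentation: a cookie created without the Secure attribute, the corrected form, and a response wrapper that forces the attribute on cookies added downstream. It assumes the javax.servlet API is on the classpath; the class, method and cookie names are hypothetical.

```java
// Added example. Assumes the javax.servlet API is available on the classpath.
// All class, method and cookie names here are hypothetical.
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

public class SecureCookieExample {

    // Before: Secure is never set, so the client will also attach this
    // cookie to plain-HTTP requests, where it can be observed in transit.
    static void addSessionCookieInsecure(HttpServletResponse response, String token) {
        Cookie cookie = new Cookie("session", token);
        response.addCookie(cookie);
    }

    // After: setSecure(true) tells the client to send the cookie over HTTPS only.
    static void addSessionCookieSecure(HttpServletResponse response, String token) {
        Cookie cookie = new Cookie("session", token);
        cookie.setSecure(true);
        response.addCookie(cookie);
    }

    // Defence in depth: wrap the response (for example in a servlet filter)
    // so that a cookie added downstream without Secure is corrected before
    // it is written to the response.
    static class SecureCookieResponse extends HttpServletResponseWrapper {
        SecureCookieResponse(HttpServletResponse response) {
            super(response);
        }

        @Override
        public void addCookie(Cookie cookie) {
            if (!cookie.getSecure()) {
                cookie.setSecure(true);
            }
            super.addCookie(cookie);
        }
    }
}
```

The wrapper only sees cookies passed to `addCookie`; cookies written as raw `Set-Cookie` headers or issued by the container itself need to be configured separately.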
OWASP Top 10
To skip this rule during a scan, use the following flag:
bearer scan /path/to/your-project/ --skip-rule=java_lang_cookie_missing_secure
To run only this rule during a scan, use the following flag:
bearer scan /path/to/your-project/ --only-rule=java_lang_cookie_missing_secure