Cookie with default config detected.
- Rule ID: javascript_express_default_cookie_config
- Languages: javascript
- Source: default_cookie_config.yml
Description
To make sure cookies don't open your application up to exploits or unauthorized access, don't use default cookie values.
Remediations
✅ Instead of the default cookie name, use generic names.
✅ Always set a maxAge or expires value
Resources
Associated CWE
OWASP Top 10
Configuration
To skip this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --skip-rule=javascript_express_default_cookie_config
To run only this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --only-rule=javascript_express_default_cookie_config
Ready to take the next step? Learn more about Bearer Cloud.