Session cookie with default config detected.
- Rule ID: javascript_express_default_session_config
- Languages: javascript
- Source: default_session_config.yml
Description
To make sure session cookies don't open your application up to exploits or unauthorized access, don't use default cookie values.
Remediations
✅ Instead of the default session name, use generic names.
Resources
Associated CWE
OWASP Top 10
Ready to take the next step? Join the Bearer Cloud waitlist.