Insecure options for cookie detected.
- Rule ID: php_symfony_insecure_cookie
- Languages: php
- Source: insecure_cookie.yml
To keep cookies from exposing your application to exploits or unauthorized access, set their security options appropriately.
- Set the HttpOnly flag to true to prevent client-side scripts from reading the cookie.
- Set the Secure attribute to true so the cookie is only sent over HTTPS.
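
The two options above applied with Symfony's HttpFoundation `Cookie` class, as an added example that is not part of the Bearer rule or its documentation. It assumes `symfony/http-foundation` 5.1 or later installed via Composer; `findInsecureCookies` and the cookie names and values are hypothetical.

```php
<?php
// Added example; assumes symfony/http-foundation 5.1+ installed via Composer.
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\HttpFoundation\Cookie;
use Symfony\Component\HttpFoundation\Response;

/**
 * Hypothetical helper: list cookies on a response that lack Secure or HttpOnly.
 *
 * @return array<string, string[]> cookie name => missing options
 */
function findInsecureCookies(Response $response): array
{
    $findings = [];
    foreach ($response->headers->getCookies() as $cookie) {
        $missing = [];
        if (!$cookie->isSecure()) {
            $missing[] = 'Secure';      // CWE-614
        }
        if (!$cookie->isHttpOnly()) {
            $missing[] = 'HttpOnly';    // CWE-1004
        }
        if ($missing !== []) {
            $findings[$cookie->getName()] = $missing;
        }
    }
    return $findings;
}

$response = new Response();

// Weak: Secure and HttpOnly explicitly disabled (constructed sample values).
$response->headers->setCookie(
    Cookie::create('legacy_session', 'constructed-value')
        ->withSecure(false)
        ->withHttpOnly(false)
);

// Hardened: both options set to true.
$response->headers->setCookie(
    Cookie::create('session', 'constructed-value')
        ->withSecure(true)
        ->withHttpOnly(true)
);

foreach (findInsecureCookies($response) as $name => $missing) {
    printf("%s is missing: %s\n", $name, implode(', ', $missing));
}
```

A check like this can run in a functional test against real controller responses, so a cookie that loses either option fails the build.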
- CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag
- CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
OWASP Top 10
To skip this rule during a scan, use the following flag:
bearer scan /path/to/your-project/ --skip-rule=php_symfony_insecure_cookie
To run only this rule during a scan, use the following flag:
bearer scan /path/to/your-project/ --only-rule=php_symfony_insecure_cookie