== Issue : httpOnly not applied ==
''' Presents as '''
The httpOnly flag is not applied.
''' Mitigation '''
bxp implements the httpOnly flag by using the IIS Response.AddHeader "Set-Cookie" call to set the cookie flag at the end of the page. As a result, some testing software does not properly detect that the flag has been set. Because bxp has to provide an HTTP implementation for backwards compatibility, the httpOnly flag cannot be set universally by IIS and is therefore implemented in this fashion.
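To confirm a scanner finding by hand, every Set-Cookie header in the response has to be inspected, not just the first one. The following Python check is an added example, not bxp code; the sample response and the cookie names in it are constructed, and treating the last header for a cookie name as the effective one is a simplification that ignores domain and path.

```python
# Added example: audit the HttpOnly attribute across all Set-Cookie headers.
# The response below is constructed for illustration; it is not bxp output.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: EXAMPLESESSION=abc123; path=/\r\n"
    "Set-Cookie: EXAMPLESESSION=abc123; path=/; HttpOnly\r\n"
    "Set-Cookie: examplepref=1; path=/; expires=Wed, 01 Jan 2031 00:00:00 GMT\r\n"
    "\r\n"
)


def parse_set_cookie_headers(raw_headers):
    """Return [(cookie_name, has_httponly)] for each Set-Cookie line, in order."""
    results = []
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        # Header names are case-insensitive; skip everything but Set-Cookie.
        if not sep or name.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].partition("=")[0].strip()
        # Attribute names are case-insensitive; HttpOnly carries no value.
        attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
        results.append((cookie_name, "httponly" in attrs))
    return results


def effective_httponly(raw_headers):
    """Map each cookie name to the flag on its last Set-Cookie line.

    Assumption: a later header for the same name replaces an earlier one
    (domain and path are ignored here for brevity).
    """
    effective = {}
    for cookie_name, flagged in parse_set_cookie_headers(raw_headers):
        effective[cookie_name] = flagged
    return effective


def missing_httponly(raw_headers):
    """Return the sorted cookie names whose effective header lacks HttpOnly."""
    flags = effective_httponly(raw_headers)
    return sorted(name for name, flagged in flags.items() if not flagged)


if __name__ == "__main__":
    for cookie_name, flagged in parse_set_cookie_headers(SAMPLE_RESPONSE):
        print(f"{cookie_name}: HttpOnly={'yes' if flagged else 'no'}")
    print("Missing HttpOnly:", missing_httponly(SAMPLE_RESPONSE))
```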
[[Category:Topic:Security]]