November 2016 Netsparker Enterprise Update
This blog post is an overview of what is new, improved and fixed in the November 2016 update of Netsparker Cloud online web vulnerability scanner.
Your Information will be kept private.
Begin your DAST-first AppSec journey today.
Request a demo
We have just updated Netsparker Enterprise, the cloud-based edition of our web application security scanner. Below is a quick overview of what is new and improved.
As such having multiple cookies attached to the same HTTP header set-cookie is not a security issue per se, but according to section 3 of the RFC 6265;
Origin servers SHOULD NOT fold multiple Set-Cookie header fields into a single header field.
We still implemented this check because attaching multiple cookies in the same set-cookie header could lead to a number of technical problems. For example most browsers will only accept the first cookie. Below is a screenshot of the alert that the scanner will issue in the case it detects multiple cookies:
Technical Check for the HTTP Header set-cookie
In this update we included a new check for the HTTP header set-cookie. The scanner checks and will alert you if multiple cookies are attached in the same set-cookie header, as shown in the below screenshot.
As such having multiple cookies attached to the same HTTP header set-cookie is not a security issue per se, but according to section 3 of the RFC 6265;
Origin servers SHOULD NOT fold multiple Set-Cookie header fields into a single header field.
We still implemented this check because attaching multiple cookies in the same set-cookie header could lead to a number of technical problems. For example most browsers will only accept the first cookie. Below is a screenshot of the alert that the scanner will issue in the case it detects multiple cookies:
