Introducing the Security of Cookies Whitepaper

This blog post announces the publication of a Security of Cookies Whitepaper by Netsparker security researchers. The white paper discusses why cookies are used in applications, how they work, their attributes, and how to modify them. It analyzes the protection and security of session cookies, concluding with recommendations for extra measures.

We have just published a Security of Cookies Whitepaper. Cookies and session IDs play an important part in website security. Their role is to ensure that users who send requests to a website are allowed access to restricted areas. Applications use cookies and session objects to allow for secure storage of session-related data on the server side.

Our white paper discusses the following key topics:
  • How cookies work
  • Attributes of cookies
  • Modifying cookies with JavaScript
  • Session cookies
  • Analyzing sessions
  • Cookie prefixes

The white paper gives special attention to options for protecting and hiding cookie sessions, and examines cookie attributes in terms of security. It discusses all the components of cookies that might form an attack surface, along with possible attacks, their effects, and methods of protection. It concludes by suggesting extra measures for a secure session. The white paper is jointly authored by Ziyahan Albeniz, Sven Morgenroth and Umran Yildirimkaya.