DAST Scan - Missing Secure Attribute in Encrypted Session (SSL) Cookie

Article ID: 247492

Products

Clarity PPM On Premise

Issue/Introduction

Upon running the DAST scan on the POC environment, we are receiving the following vulnerability:

"Missing Secure Attribute in Encrypted Session (SSL) Cookie"

Environment

Release: 16.0.2

Component: CLARITY

Resolution

a) Log into CSA/NSA

b) Click on the Server

c) Click on the Application Tab

d) There is an option for "Use Secure Session Cookie"

e) Enable the above option

Note: On the same page, under Application Instance: NSA, there is also an option for "Use Secure Session Cookie"

f) Enable that option as well

g) Restart the Clarity services

h) Run the DAST scan

You can perform the above steps in a lower environment and then proceed to Prod.