How Can Cookies Threaten Web Software Security?
by Nataliia Vasylyna | April 17, 2015 10:00 am
Some web software users have a prejudice against cookies. They claim that one of the reasons for their discontent is that cookies threaten the safety of their sensitive data.
Web developers assure users that such worries are groundless, but specialists in manual and automated testing of web software know that cookies can cause vulnerabilities in web software security. That is why checking of cookies must be included in security testing of web sites and web applications.
When Verifying the Security of Web Software, One Should Consider the Following Cookie-Related Aspects:
- It is necessary to find out what data are stored in the cookies. If there are personal or sensitive user data, it is better to remove them. Cookies should not contain data of that kind.
- If there is no way to avoid keeping a user's private data in cookies, the data should be stored there in an encrypted form. Otherwise, the data can be stolen.
- During software testing, one should make sure that the cookies cannot be accessed by other domains.
- It is important to verify whether the cookies are deleted correctly. Sometimes corrupted cookies can be accessed by other domains.
- If cookies are used for user login, it is necessary to make sure that another user cannot log in to the application in the same browser while the first one is still logged in. A corresponding message should appear.
Cookies are related to different aspects of web software; they should be covered in functional testing, cross-browser testing, load testing[1], etc.
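The data, domain and deletion checks from the list above can be automated over captured `Set-Cookie` headers. The following Python sketch is an added example, not code from the original article; the host `shop.example.test`, the cookie names and the sample headers are constructed, and it assumes the application deletes cookies with `Max-Age`.

```python
import base64
import re

EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")  # stand-in for "personal data"

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, {lowercased attribute: value})."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {k.strip().lower(): v.strip() for k, _, v in (p.partition("=") for p in rest)}
    return name, value, attrs

def readable_forms(value):
    """The raw value plus its base64 decoding when it has one: encoding is not encryption."""
    try:
        return [value, base64.b64decode(value, validate=True).decode("utf-8")]
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return [value]

def is_deletion(attrs):  # assumption: the app expires cookies with Max-Age <= 0
    return bool(re.fullmatch(r"-?\d+", attrs.get("max-age", ""))) and int(attrs["max-age"]) <= 0

def audit(host, login_headers, logout_headers):
    """Return (cookie name, finding) pairs for the data, domain and deletion checks."""
    findings, issued = [], {}
    for header in login_headers:
        name, value, attrs = parse_set_cookie(header)
        issued[name] = attrs
        if any(EMAIL.search(form) for form in readable_forms(value)):
            findings.append((name, "readable personal data"))
        if attrs.get("domain", host).lstrip(".") != host:
            findings.append((name, "readable by hosts other than " + host))
    # A browser replaces a cookie only if name, Domain and Path all match the original.
    cleared = set()
    for header in logout_headers:
        name, _, attrs = parse_set_cookie(header)
        same_scope = name in issued and all(attrs.get(k) == issued[name].get(k) for k in ("domain", "path"))
        if same_scope and is_deletion(attrs):
            cleared.add(name)
    return findings + [(n, "not deleted at logout") for n in issued if n not in cleared]

# Constructed sample responses for the hypothetical host shop.example.test.
LOGIN = ["sid=9f2c7a1e4b; Path=/; Domain=shop.example.test",
         "profile=" + base64.b64encode(b"alice@example.test").decode() + "; Path=/; Domain=example.test"]
LOGOUT = ["sid=; Max-Age=0; Path=/; Domain=shop.example.test",
          "profile=; Max-Age=0; Path=/"]

if __name__ == "__main__":
    for name, finding in audit("shop.example.test", LOGIN, LOGOUT):
        print(f"{name}: {finding}")
```

The `profile` cookie fails all three checks: its value is only base64-encoded, its `Domain` covers sibling hosts, and the logout response omits that `Domain`, so the browser keeps the original cookie.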
Related Posts:
- How to Improve E-Commerce Products?[2]
- What Is Web Application Penetration Testing?[3]
- How to Test Access Points of Web Software?[4]
Endnotes:
- load testing: https://qatestlab.com/services/Withstand-the-Load/Load-Testing/
- How to Improve E-Commerce Products?: https://blog.qatestlab.com/2017/01/30/improve-ecommerce-products/
- What Is Web Application Penetration Testing?: https://blog.qatestlab.com/2016/10/14/web-penetration-testing/
- How to Test Access Points of Web Software?: https://blog.qatestlab.com/2015/05/21/access-points-testing/
Source URL: https://blog.qatestlab.com/2015/04/17/how-can-cookies-threat-web-software-security/