Click here to Skip to main content
15,560,678 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
Could someone suggest on below risk raised by checkMarx tool for ASp.NET Core WebAPI, as application don't send or store any cookies.

" Startup.cs application configuration file, at line 21, does not define sensitive application cookies with the "secure" flag, which could cause the client to send those cookies in plaintext over an insecure network communication (HTTP). This may lead to a Session Hijacking attack." 


line 21 mentions --- public class Startup

What I have tried:

I have tried ways to add app.UseHsts();app.UseHttpsRedirection(); to request pipeline, not resolved the issue.
Posted
Updated 11-Oct-22 2:33am
v2
Comments
Richard Deeming 11-Oct-22 6:41am    
What do you think we could possibly suggest, given we can't see any of the code in question? If the tool says you have a security problem with your code, then you probably have a security problem with your code.
Tharakharish 11-Oct-22 7:35am    
@Richard Deeming, Apologies I have updated my question, the line security tool raises risk. pls suggest.
Member 8428760 12-Oct-22 23:59pm    
Have you followed what it says for ASP here? https://owasp.org/www-community/controls/SecureCookieAttribute

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900