rspec/rules/S6287/rationale.adoc

Session Cookie Injection occurs when a web application assigns session cookies
to users using untrusted data.

Session cookies are used by web applications to identify users. Thus,
controlling these enable control over the identity of the users within the
application.

The injection might occur via a GET parameter, and the payload, for example,
`https://example.com?cookie=injectedcookie`, delivered using phishing
techniques.
[APPSEC-291] Modify rule S6287 (Python): Change text to the education framework format (#1415) * Add Python rule * Apply review changes 2022-11-24 13:12:09 +01:00			`Session Cookie Injection occurs when a web application assigns session cookies`
[APPSEC-116] Modify rule S6287: Educational content (#1216) 2022-09-08 11:06:29 +02:00			`to users using untrusted data.`

			`Session cookies are used by web applications to identify users. Thus,`
			`controlling these enable control over the identity of the users within the`
			`application.`

			`The injection might occur via a GET parameter, and the payload, for example,`
			`https://example.com?cookie=injectedcookie`, delivered using phishing
			`techniques.`