
Review and update content about SameSite cookies

Open rbsec opened this issue 2 years ago • 3 comments

There are few areas of the guide that don't really take into account the current state of SameSite cookies:

  • The Testing Cookie Attributes guide says that "most" browsers default to Lax, but this isn't true for Firefox or Safari.
  • The Cross-Site Request Forgery guide doesn't mention it at all, and the PoCs given won't work in some browsers because of it.
  • The Cross-Site Script Inclusion guide doesn't mention it at all, and the PoC given won't work in some (all? #954) browsers because of it.

There might also be some other areas that I've missed?

rbsec avatar Dec 27 '22 15:12 rbsec
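To make the behaviour behind the three bullet points concrete, here is a small model of how SameSite is enforced on cross-site requests. This is an added example, not WSTG content or browser code: the rules are the documented Strict/Lax/None semantics, the per-browser default table is an assumption drawn from the behaviour described in the issue (Chrome treats a cookie with no SameSite attribute as Lax, Firefox and Safari do not), and the Set-Cookie header and the three PoC request shapes are constructed for illustration.

```javascript
// Added example (not from WSTG): a simplified model of SameSite enforcement,
// used to show which CSRF / XSSI PoCs still carry a session cookie in which
// browser. Real browsers have more cases (e.g. Chrome's temporary
// "Lax+POST" allowance for freshly set cookies), which are not modelled here.

// Assumed defaults applied when Set-Cookie carries no SameSite attribute.
const BROWSER_DEFAULT = { chrome: "lax", firefox: "none", safari: "none" };

const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Parse a Set-Cookie header value into { name, value, attrs }.
// Attribute names are lower-cased; flag attributes map to true.
function parseSetCookie(header) {
  const [pair, ...rawAttrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of rawAttrs) {
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Effective SameSite mode: explicit attribute wins, otherwise the browser
// default. SameSite=None without Secure is modelled as the cookie being
// rejected at set time (Chrome's behaviour; assumed for all browsers here).
function effectiveSameSite(cookie, browser) {
  const explicit = cookie.attrs.samesite;
  if (typeof explicit === "string") {
    const mode = explicit.toLowerCase();
    if (mode === "none" && !cookie.attrs.secure) return "rejected";
    return mode;
  }
  return BROWSER_DEFAULT[browser];
}

// Would the browser attach this cookie to the request?
// req = { crossSite, topLevel, method }
function cookieSent(cookie, browser, req) {
  const mode = effectiveSameSite(cookie, browser);
  if (mode === "rejected") return false;   // never stored, never sent
  if (!req.crossSite) return true;         // same-site requests are unaffected
  switch (mode) {
    case "strict": return false;
    case "lax":    return req.topLevel && SAFE_METHODS.has(req.method);
    case "none":   return true;
    default:       throw new Error(`unknown SameSite mode: ${mode}`);
  }
}

// The request shapes produced by the usual PoCs (constructed for this example).
const POCS = {
  csrfForm: { crossSite: true, topLevel: true,  method: "POST" }, // auto-submitting <form>
  csrfLink: { crossSite: true, topLevel: true,  method: "GET"  }, // <a href> / location change
  xssi:     { crossSite: true, topLevel: false, method: "GET"  }, // <script src="..."> include
};

// For one Set-Cookie header, report per browser which PoCs still carry the cookie.
function pocOutcomes(setCookieHeader) {
  const cookie = parseSetCookie(setCookieHeader);
  const out = {};
  for (const browser of Object.keys(BROWSER_DEFAULT)) {
    out[browser] = {};
    for (const [name, req] of Object.entries(POCS)) {
      out[browser][name] = cookieSent(cookie, browser, req);
    }
  }
  return out;
}

// Constructed sample: a typical session cookie with no SameSite attribute.
const SAMPLE_HEADER = "session=0123abcd; Path=/; HttpOnly; Secure";
console.log(JSON.stringify(pocOutcomes(SAMPLE_HEADER), null, 2));
```

Run under Node, the sample shows the point of the issue: with no SameSite attribute, the form-POST CSRF PoC and the XSSI script include both lose the cookie in the assumed Chrome default, while they still work in Firefox and Safari; a top-level GET CSRF still carries the cookie everywhere unless the cookie is Strict. Swap in `SameSite=Strict` or `SameSite=None; Secure` on the header to see the other columns change.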

Hey @rbsec, can I contribute and help out on this issue that needs revising?

Please let me know when possible.

mademarc avatar Sep 16 '23 00:09 mademarc

Absolutely. Just let us know if you have questions or if there's enough detail there to get you started.

kingthorin avatar Sep 16 '23 01:09 kingthorin

Thanks @kingthorin, and I just messaged you some questions via Slack; did you receive them?

mademarc avatar Sep 16 '23 02:09 mademarc