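/// <summary>
/// Runs the session-ID length check on <paramref name="cki"/> when its name matches one of the
/// configured known-technology cookie patterns, i.e. when it looks like a framework session cookie.
/// </summary>
/// <param name="cki">Cookie under analysis; skipped when null or when its name is blank.</param>
/// <param name="response">Response the cookie belongs to; forwarded unchanged to the length check.</param>
private void CheckAllSessionIDCookies(HttpCookie cki, HttpResponse response)
{
    // Same guard as the sibling fingerprinting check: never hand a null/blank name to the pattern matcher.
    if (cki == null || string.IsNullOrWhiteSpace(cki.Name))
    {
        return;
    }

    // NOTE(review): the sibling fingerprinting check reads this.Config (capitalised) — confirm which member is intended.
    var match = PatternMatchUtil.CheckPatternMatch(cki.Name, this.config.KnownTechCookiePatterns);
    if (!match.MatchFound)
    {
        return;
    }

    this.CheckSessionIDForAcceptableLength(cki, response);
}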
/// <summary>
/// Reports a server-fingerprinting finding when the cookie name matches a known framework/technology
/// cookie pattern: a default cookie name reveals which technology sits behind the application.
/// </summary>
/// <param name="response">Response that carried the cookie; its additional properties are attached to the finding.</param>
/// <param name="cki">Cookie whose name is checked; a null or whitespace-only name is ignored.</param>
private void CheckCookieForServerFingerprinting(HttpResponse response, HttpCookie cki)
{
    var cookieName = cki.Name;
    if (string.IsNullOrWhiteSpace(cookieName))
    {
        return;
    }

    var match = PatternMatchUtil.CheckPatternMatch(cookieName, this.Config.KnownTechCookiePatterns);
    if (!match.MatchFound)
    {
        return;
    }

    // Build the finding piece by piece; the wording must stay identical to the reported text.
    var technology = match.MatchingPattern.Technology;
    var description = $"Cookie {cookieName} discloses the technologies and programming languages used by the web application [Found Technology: {technology}].";
    var remediation = "Change the default cookie name used by the web development framework to a generic name, such as -id";
    var category = "Server fingerprinting";
    var additionalProperties = response.GetAdditionalProperties();
    var reference = this.Config.References.Urls["SessionIDNameFingerprinting"];

    this.AddResult(new AnalysisResult(description, SeverityType.Error, remediation, category, additionalProperties, reference));
}