This repository has been archived by the owner on Jun 2, 2021. It is now read-only.

"example-session-id" Why is this used as a text string for byte matching in the header for auth tokens? #31

Open
HankQuiter opened this issue Jan 3, 2019 · 0 comments

Comments

@HankQuiter

In the file
https://github.com/aws-samples/aws-waf-sample/blob/master/waf-owasp-top-10/owasp_10_base.yml
lines 259 and 257.
Why is "example-session-id" used as the string to match inside the cookie? I am not aware of an attack that uses this string in the cookie. Also, if we are meant to put our own string there, shouldn't this be a parameter that we set up? Or perhaps this is for something I am unfamiliar with, or I am misinterpreting this rule condition.
