This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "HttpOnly"
From OWASP
m |
(Attempting to add an image) |
||
| Line 30: | Line 30: | ||
== Using WebGoat to Test for HTTPOnly Capabilities == | == Using WebGoat to Test for HTTPOnly Capabilities == | ||
| + | |||
| + | === <u> Getting Started </u> === | ||
| + | |||
| + | Assuming you have already installed and launched WebGoat, begin by navigating to the ‘HTTPOnly Test’ lesson located within the Cross-Site Scripting ('''XSS''') category. After selecting the ‘HTTPOnly Test’ link, as shown below in '''figure 1''', you are now able to begin testing web browsers that support HTTPOnly. | ||
| + | |||
| + | [[Image:click_link.jpg|frame|Figure 1 - Accessing WebGoat's HTTPOnly Test Lesson]] | ||
Revision as of 17:35, 26 July 2007
Overview
Browsers Supporting HTTPOnly
Using WebGoat's HTTPOnly lesson, the following web browsers have been tested for HTTPOnly capabilities. The results are listed below in table 1.
| Browser | Version | Supports HTTPOnly? |
|---|---|---|
| Microsoft Internet Explorer | 6 (SP1) - 7 | Yes |
| Mozilla Firefox | 2.0.0.5 | Yes |
| Netscape Navigator | 9.0b2 | No |
| Opera | 9.22 | No |
Using WebGoat to Test for HTTPOnly Capabilities
Getting Started
Assuming you have already installed and launched WebGoat, begin by navigating to the ‘HTTPOnly Test’ lesson located within the Cross-Site Scripting (XSS) category. After selecting the ‘HTTPOnly Test’ link, as shown below in figure 1, you are now able to begin testing web browsers that support HTTPOnly.
File:Click link.jpg
Figure 1 - Accessing WebGoat's HTTPOnly Test Lesson
