This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

HttpOnly

From OWASP
Revision as of 17:35, 26 July 2007 by Rknell (talk | contribs) (Attempting to add an image)

Jump to: navigation, search

Overview

Browsers Supporting HTTPOnly

Using WebGoat's HTTPOnly lesson, the following web browsers have been tested for HTTPOnly capabilities. The results are listed below in table 1.

Table 1: Browsers Supporting HTTPOnly
Browser Version Supports HTTPOnly?
Microsoft Internet Explorer 6 (SP1) - 7 Yes
Mozilla Firefox 2.0.0.5 Yes
Netscape Navigator 9.0b2 No
Opera 9.22 No

Using WebGoat to Test for HTTPOnly Capabilities

Getting Started

Assuming you have already installed and launched WebGoat, begin by navigating to the ‘HTTPOnly Test’ lesson located within the Cross-Site Scripting (XSS) category. After selecting the ‘HTTPOnly Test’ link, as shown below in figure 1, you are now able to begin testing web browsers that support HTTPOnly.

File:Click link.jpg
Figure 1 - Accessing WebGoat's HTTPOnly Test Lesson
Retrieved from "https://wiki.owasp.org/index.php?title=HttpOnly&oldid=20217"