Help
cancel
Showing results for 
Search instead for 
Did you mean: 
Copilot Lvl 2
Message 1 of 1

Cookie-Based Authentication Security of Popular Websites

Let's take Google and other popular bank websites which uses cookie. 

 

I've been working with a website using Angular which uses Laravel as an API. Data are stored in cookies which is vulnerable in client side including the JWT. 

 

For websites using cookie-based authentication, what security implementation and practices they do to protect and secure the data from any attack aside from setting the security flags and options of cookie?

 

Here are some of specific cookie attacks:

  1. CSRF, cookie poisoning
  2. XSS
  3. Session fixation
  4. Eavesdropping, cookie hijacking/stealing
  5. Cookie injection from related hostnames
  6. Cookie eviction
  7. Direct cookie injection
  8. TCP/IP hijacking

 

How popular websites and bank websites handle these attacks in order to protect the data stored in the cookies?