ASVS Requirement 3.3.2
- Level: 2
- Chapter: V3 Web Frontend Security
- Section: V3.3 Cookie Setup
- Source: 0x12-V3-Web-Frontend-Security.md
Description
Verify that each cookie's 'SameSite' attribute value is set according to the purpose of the cookie, to limit exposure to user interface redress attacks and browser-based request forgery attacks, commonly known as cross-site request forgery (CSRF).
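One way to check this requirement during review, shown as an added example that is not part of ASVS: audit captured `Set-Cookie` headers against an inventory of each cookie's purpose. The cookie names, purposes and purpose-to-value policy are assumptions for illustration; the `SameSite=None` without `Secure` check reflects that browsers reject such cookies.

```python
# Added example: audit Set-Cookie headers against a purpose policy (all names assumed).
ALLOWED = {  # purpose -> acceptable SameSite values (assumed policy)
    "session": {"strict", "lax"},
    "preference": {"strict", "lax"},
    "cross_site_embed": {"none"},
}
PURPOSE = {  # cookie name -> purpose (hypothetical application inventory)
    "sid": "session",
    "theme": "preference",
    "widget_auth": "cross_site_embed",
}

def parse_set_cookie(header):
    """Return (name, attrs); attrs maps lowercased attribute names to values."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs

def audit(headers):
    """Return (cookie_name, finding) for every policy violation."""
    findings = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        purpose = PURPOSE.get(name)
        if purpose is None:
            findings.append((name, "no declared purpose"))
            continue
        samesite = attrs.get("samesite")
        if samesite is None:
            findings.append((name, "SameSite missing"))
            continue
        samesite = samesite.lower()
        if samesite not in ALLOWED[purpose]:
            findings.append((name, f"SameSite={samesite} not allowed for {purpose}"))
        if samesite == "none" and "secure" not in attrs:
            findings.append((name, "SameSite=None without Secure"))
    return findings

# Constructed sample response headers.
SAMPLE = [
    "sid=abc123; Path=/; HttpOnly; Secure; SameSite=None",
    "theme=dark; Path=/; SameSite=Lax",
    "widget_auth=xyz; Path=/; SameSite=None",
    "promo=1; Path=/",
    "sid=def456; Path=/; HttpOnly; Secure",
]
```

Calling `audit(SAMPLE)` flags four of the five headers; a cookie with no declared purpose is reported rather than skipped, since its correct `SameSite` value cannot be judged.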