A companys security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?
A. Attempts by attackers to access We
b sites that trust the Web browser user by stealing the users authentication credentials.
B. Attempts by attackers to access the user and password information stored in the companys SQL database.
C. Attempts by attackers to access passwords stored on the
users computer without the users knowledge.
D. Attempts by attackers to determine the users Web browser usage patterns, including when sites were visited and for how long.
Cookies can store passwords and form content a user has previously en
tered, such as a credit card number or an address.
Cookies can be stolen using a technique called cross-site scripting. This occurs when an attacker takes advantage of a website that allows its users to post unfiltered HTML and JavaScript content.
Referen
ces: