Compliance Monitoring Issues

General Information

In the world of website compliance, many different compliance violations can occur. We therefore separate these violations clearly and introduced different violation categories:

Each category includes different types of violations, which are described in the corresponding section. The main difference is that regulatory violations are based on the GDPR context prescribed by law, whereas business violations are based on custom rules that can be defined individually to meet each customer's requirements.

Regulatory Violations

This category includes all detected problems that relate to the actual GDPR context prescribed by law. The following types can be detected by the Nimbusec compliance monitor in the context of regulatory violations:

In the Nimbusec Compliance Monitor, this violation type can be seen in the compliance view of an asset:

By clicking on the "Details" button, all detected cookies can be seen.

Compliance View

In more detail, the Nimbusec compliance scan saves the following data:

Example:

Name         Domain           Secure  HttpOnly  LifeTime  SameSite  ThirdParty  InServerResponse
cookie_name  www.example.com  false   false     -1        N/A       true        false

Description of the fields:

Name: Name of the detected cookie.
Domain: Domain name where the described cookie was found.
Secure: The Secure flag is an option that can be set by the server when sending a new cookie to the user in an HTTP response. Its purpose is to prevent the cookie from being observed by unauthorized parties because it would otherwise be sent in clear text.
HttpOnly: The HttpOnly flag is an additional security option for cookies. If this flag is set, the browser does not expose the cookie to client-side scripts.
LifeTime: This parameter shows the validity period of the cookie.
SameSite: The SameSite attribute shows whether this cookie is restricted to a first-party or same-site context.
ThirdParty: This attribute shows whether this cookie was distributed from the site's own web resource or from an external one (determined by domain name matching).
InServerResponse: If the value of this attribute is true, the cookie was sent directly by the server. If the value is false, the cookie was created and distributed from a JavaScript context.
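As an added example (not Nimbusec's own code), the following Python snippet shows how a scanner can derive the fields described above from captured Set-Cookie headers: Secure and HttpOnly from the flags, LifeTime from Max-Age (-1 when absent, i.e. a session cookie), SameSite as N/A when unset, and ThirdParty by comparing the cookie domain against the scanned host. The sample headers and the crude two-label domain match are constructed assumptions.

```python
from dataclasses import dataclass, asdict

# Constructed sample: Set-Cookie headers as captured from the server response
# of https://www.example.com/ (not real scanner output).
SAMPLE_HEADERS = [
    "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "prefs=dark; Max-Age=2592000; Path=/",
    "_ga=GA1.2.1; Domain=tracker.example-cdn.net; Max-Age=63072000",
]

@dataclass
class CookieRecord:
    name: str
    domain: str
    secure: bool
    httponly: bool
    lifetime: int          # seconds from Max-Age; -1 = no Max-Age (session cookie)
    samesite: str          # "Strict", "Lax", "None" or "N/A" when not set
    thirdparty: bool       # cookie domain does not match the scanned host
    inserverresponse: bool # True when taken from a Set-Cookie header

def registrable_part(host: str) -> str:
    """Crude eTLD+1 (last two labels); a real scanner would use the Public Suffix List."""
    return ".".join(host.lower().lstrip(".").split(".")[-2:])

def parse_set_cookie(header: str, scanned_host: str, from_server: bool = True) -> CookieRecord:
    """Map one Set-Cookie header onto the record layout shown in the table above."""
    name_value, *attrs = [p.strip() for p in header.split(";")]
    name = name_value.split("=", 1)[0]
    domain, secure, httponly, lifetime, samesite = scanned_host, False, False, -1, "N/A"
    for attr in attrs:
        key, _, value = attr.partition("=")
        key = key.lower()
        if key == "secure":
            secure = True
        elif key == "httponly":
            httponly = True
        elif key == "domain" and value:
            domain = value.lstrip(".")
        elif key == "max-age" and value.lstrip("-").isdigit():  # Expires is ignored here
            lifetime = int(value)
        elif key == "samesite" and value:
            samesite = value.capitalize()
    thirdparty = registrable_part(domain) != registrable_part(scanned_host)
    return CookieRecord(name, domain, secure, httponly, lifetime, samesite, thirdparty, from_server)

def missing_flags(rec: CookieRecord) -> list:
    """Hardening attributes absent from a cookie record (what a compliance review would flag)."""
    return [f for f, ok in (("Secure", rec.secure), ("HttpOnly", rec.httponly),
                            ("SameSite", rec.samesite != "N/A")) if not ok]

def scan(headers, scanned_host):
    return [parse_set_cookie(h, scanned_host) for h in headers]

if __name__ == "__main__":
    for rec in scan(SAMPLE_HEADERS, "www.example.com"):
        print(asdict(rec), "missing:", missing_flags(rec))
```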

Form issues


Tracker Check
Revision #1
Created 4 March 2021 08:48:36 by Christian Baumgartner
Updated 4 March 2021 08:54:10 by Christian Baumgartner