Hi Appian Community,
Appian Community
Stefan Helzle Appian AppMarket
In our recent Pen testing report it was found that JSessionID is Visible in the browser's Developer tools under Inspect functionalities. Creating Security concerns in pen testing report .
Anyone had previously been with such issue or Have any Idea how to handle the scenario.
Discussion posts and replies are publicly visible
Are you sure there is a security problem? Does the test show a specific problem or does it just say that maybe there is a problem?
I did some tests in the past, and I think it's not possible for you to get anywhere with that JSESSIONID.
In any case, contact Appian if you prefer to be sure about it