HTML Form Security
Phase 6sessionWSTG-SESS
Description
Parses all <form> elements and checks for GET-method forms, password inputs without autocomplete="off", and the absence of CSRF token patterns (_token, csrf, _wpnonce, authenticity_token).
Security Impact
GET forms expose sensitive data in URLs, server logs, and Referer headers. Missing CSRF tokens allow cross-site request forgery. Password autocomplete risks credential leakage on shared devices.
Automated Detection & AI Remediation
DygDog automatically detects HTML Form Security using its continuous, passive scanning engine. When discovered, DygDog provides infrastructure-specific, copy-paste ready code snippets generated by frontier AI models to help you remediate the issue instantly without generic advice.
Start Free Scan