Thursday, September 15, 2016

Security+ and Cookie Attacks

Are you familiar with cookie attacks? The term doesn't refer to cookies actually attacking anything; it refers to how attackers can exploit vulnerabilities and access cookies.

As an example, can you answer this sample Security+ practice test question recently added to the gcgapremium.com online test banks?

Q. A penetration tester has successfully exploited a vulnerability against your organization, giving him access to the following data:

User, password, login-date, cookie-id
Homer, canipass, 2016-09-01 11:12, 286755fad04869ca523320acce0dc6a4
Bart, passican, 2016-09-01 11:15, 8edd7261c353c87a113269cd37635c68
Marge, icanpass, 2016-09-01 11:19, 26887fbd90ac0340e29ad62470270401

What type of attack does this represent?

A. SQL injection
B. XML injection
C. XSS
D. Session hijacking

More importantly, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation are available here.