def test_AC16(self): web = Server("web") web.usesStrongSessionIdentifiers = False web.encryptsCookies = False threat = threats["AC16"] self.assertTrue(threat.apply(web))