Evolving ASP.NET Apps - Validating Redirects and Forwards

added by Ricardo Peres
1/29/2015 4:38:53 PM

In today's post on improving the security of our ASP.NET applications, we tackle the problem of unvalidated redirects and forwards. Before we get started, here is a recap of the problem we found during our security review. The concern is that we might have a page that forwards a user to another page, where the destination is taken from a URL supplied in a query parameter.
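
One way to validate such a redirect target before using it, as an added example that is not code from the original post: the `RedirectGuard` class, the allow-listed host and the sample `returnUrl` values are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

// Added example: RedirectGuard and the sample hosts are hypothetical names.
public static class RedirectGuard
{
    // Assumption: external hosts the application is willing to redirect to.
    private static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "www.example.com" };

    // True only for app-relative paths such as "/orders/42?tab=1".
    public static bool IsLocalPath(string url)
    {
        if (string.IsNullOrEmpty(url) || url[0] != '/') return false;
        // Browsers treat "//host" and "/\host" as scheme-relative URLs to another site.
        if (url.Length > 1 && (url[1] == '/' || url[1] == '\\')) return false;
        // Control characters (CR, LF, tab) have no place in a redirect target.
        foreach (char c in url) if (char.IsControl(c)) return false;
        return true;
    }

    // Returns the requested target when it passes validation, otherwise the fallback.
    public static string Resolve(string requested, string fallback)
    {
        if (IsLocalPath(requested)) return requested;
        Uri uri;
        if (Uri.TryCreate(requested, UriKind.Absolute, out uri)
            && uri.Scheme == Uri.UriSchemeHttps
            && AllowedHosts.Contains(uri.Host))
        {
            return uri.AbsoluteUri;
        }
        return fallback;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample values for a "returnUrl" query parameter.
        string[] samples = { "/orders/42", "//other.example.net/", "/\\other.example.net",
            "https://www.example.com/help", "https://www.example.com.other.example.net/", null };
        foreach (string s in samples)
            Console.WriteLine("{0,-45} -> {1}", s ?? "(null)", RedirectGuard.Resolve(s, "/"));
    }
}
```

In a page, the value returned by `Resolve` would be passed to `Response.Redirect` in place of the raw query-string value. Only the first and fourth samples are returned unchanged; every other sample resolves to the fallback `/`.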