OWASP Top 10 for .NET developers part 10: Unvalidated Redirects

added by troyhunt
12/12/2011 1:38:27 AM

0 Kicks, 667 Views

In the final instalment of the OWASP Top 10 for .NET developers we look at the risk of unvalidated redirects and forwards. This practice allows an attack to use a legitimate, trustworthy URL to serve malicious content which could do anything from steal credentials to install malware. But mitigation is easy and this post shows the exploit in practice and how to prevent it in your .NET apps.