[Esapi-user] Is this a safe way to do a .NET Server Redirects? (and deal with A10: Unvalidated Redirects and Forwards)

Dinis Cruz dinis.cruz at owasp.org
Sat Mar 9 10:41:10 UTC 2013


Question details here:
http://blog.diniscruz.com/2013/03/is-this-safe-way-to-do-net-server.html

The interesting question is at the end of the post: *On that topic, is
there a list of Use Cases that this function should pass? (in order to make
it as 'secure'?)*

This is a good example of why I like the idea of an ESTAPI since what I
really need here (as a developer) is a set of unit-tests / use-cases that I
can run my code against (on dev and CI) in order to make sure it is (and
stays) secure.

Questions:

   - Is there something on ESAPI Java code that I can look at? (for example
   its Unit Tests for their redirect modules?)
   - Is there a good example on ESAPI .Net?
   - Are there UnitTests that show MS' AntiXss in action in cases like this?
   - Other good resources?

Btw: here are a couple posts on my thoughts on ESTAPI:

   - The ESTAPI idea <http://blog.diniscruz.com/2011/06/estapi-idea.html>
   - A couple more comments on ESAPI and ESTAPI <http://blog.diniscruz.com/2010/01/couple-more-comments-on-esapi-and.html>


Thanks

Dinis Cruz

Blog: http://diniscruz.blogspot.com
Twitter: http://twitter.com/DinisCruz
Web: http://www.owasp.org/index.php/O2
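
An added example, not part of the original message and not code from the linked blog post or from ESAPI: a use-case table of the kind asked about above, run against a redirect-target check. The `IsLocalTarget` helper, its local-only policy and every test value are assumptions constructed for illustration.

```csharp
using System;
using System.Linq;

// Hypothetical helper: not the function from the linked blog post.
public static class RedirectCheck
{
    // Policy assumed here: accept only app-local targets, "/path" or "~/path".
    public static bool IsLocalTarget(string url)
    {
        if (string.IsNullOrEmpty(url)) return false;
        // Control characters (CR, LF, tab, NUL) have no place in a redirect target.
        if (url.Any(char.IsControl)) return false;
        if (url[0] == '~') return url.Length > 1 && url[1] == '/';
        if (url[0] != '/') return false; // relative paths and anything with a scheme
        // "//host" and "/\host" are resolved by browsers as a different host.
        return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
    }

    // Constructed use cases: each input with the decision the check must make.
    static readonly (string Url, bool Allowed)[] Cases =
    {
        ("/", true),
        ("/account/profile?tab=1", true),
        ("~/home", true),
        (null, false),
        ("", false),
        ("home", false),
        ("~other", false),
        ("http://other.example/", false),
        ("https://other.example/", false),
        ("ftp://other.example/", false),
        ("//other.example/", false),
        ("/\\other.example/", false),
        ("/ok\r\nnext", false),
    };

    // Returns the number of failing cases, so a CI step can use the exit code.
    public static int Main()
    {
        int failures = 0;
        foreach (var (url, allowed) in Cases)
        {
            bool got = IsLocalTarget(url);
            if (got != allowed) failures++;
            string shown = (url ?? "<null>").Replace("\r", "\\r").Replace("\n", "\\n");
            Console.WriteLine($"{(got == allowed ? "PASS" : "FAIL")} {shown} -> {got}");
        }
        return failures;
    }
}
```

The same table can be moved into a unit-test framework as data-driven cases; new inputs found in review are added as rows rather than as new logic.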