[Esapi-user] Is this a safe way to do a .NET Server Redirects? (and deal with A10: Unvalidated Redirects and Forwards)
dinis.cruz at owasp.org
Sat Mar 9 10:41:10 UTC 2013
Question details here:
The interesting question is at the end of the post: *On that topic, is
there a list of Use Cases that this function should pass? (in order to make
it as 'secure'?)*
This is a good example of why I like the idea of an ESTAPI since what I
really need here (as a developer) is a set of unit-tests / use-cases that I
can run my code against (on dev and CI) in order to make sure it is (and
- Is there something on ESAPI Java code that I can look at? (for example
its Unit Tests for their redirect modules?)
- Is there a good example on ESAPI .Net?
- Are there UnitTests that show MS' AntiXss in action in cases like this?
- Other good resources?
Btw: here are a couple posts on my thoughts on ESTAPI:
- The ESTAPI idea <http://blog.diniscruz.com/2011/06/estapi-idea.html>
- A couple more comments on ESAPI and