[Owasp-leaders] Unvalidated Redirects and Forwards Cheat Sheet
Jeff Williams
jeff.williams at owasp.org
Thu Mar 21 02:10:30 UTC 2013
Nice work!
Would it be possible to discuss all the ways to send a redirect (so people can actually find these flaws)? Usually frameworks have a shortcut, but can also set a custom location header. They can also use a meta tag or JavaScript. Is DOM-based open redirect a thing?
Also, why does the unvalidated forward part of this use a redirect example? I'd like to see some more discussion of the access control aspects of forwards.
Thanks for putting this together.
--Jeff
On Mar 20, 2013, at 7:54 PM, Johanna Curiel <johanna.curiel at owasp.org> wrote:
> And Big thanks to Jim for his superb editing skills ;-)
>
> On 20 Mar 2013, at 11:31, Jim Manico <jim.manico at owasp.org> wrote:
>
>> Leaders,
>>
>> The Unvalidated Redirects and Forwards Cheat Sheet is now live.
>>
>> https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet
>>
>> Big thanks to Susanna Bezold and Johanna Curiel for their work on this cheat sheet.
>>
>> As always, comments are appreciated.
>>
>> Keep on cheating,
>>
>> Jim Manico
>> OWASP Volunteer
>> @Manicode
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders