[Owasp-leaders] Unvalidated Redirects and Forwards Cheat Sheet

Jim Manico jim.manico at owasp.org
Thu Mar 21 02:44:29 UTC 2013


Thank you Jeff.

These are great suggestions; can you take a sec and make your additions directly to the cheat sheet?

We would love to have your help here. If you just want to send me notes with a little more detail via email, I'll do the wiki work for you and add you as a contributor.

Thanks Jeff,
Jim



> Nice work!
> 
> Would it be possible to discuss all the ways to send a redirect (so people can actually find these flaws)? Usually frameworks have a shortcut, but can also set a custom location header. They can also use a meta tag or JavaScript. Is DOM-based open redirect a thing?
> 
> Also, why does the unvalidated forward part of this use a redirect example?  I'd like to see some more discussion of the access control aspects of forwards.
> 
> Thanks for putting this together.
> 
> --Jeff
> 
> 
> On Mar 20, 2013, at 7:54 PM, Johanna Curiel <johanna.curiel at owasp.org> wrote:
> 
>> And big thanks to Jim for his superb editing skills ;-)
>>
>>
>>
>>
>> On 20 Mar 2013, at 11:31, Jim Manico <jim.manico at owasp.org> wrote:
>>
>>> Leaders,
>>>
>>> The Unvalidated Redirects and Forwards Cheat Sheet is now live.
>>>
>>> https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet
>>>
>>> Big thanks to Susanna Bezold and Johanna Curiel for their work on this cheat sheet.
>>>
>>> As always, comments are appreciated.
>>>
>>> Keep on cheating,
>>>
>>> Jim Manico
>>> OWASP Volunteer
>>> @Manicode
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
