From the course: ASP.NET MVC 5 Identity: Authentication and Authorization


Vulnerability: Open redirect


- [Instructor] Sometimes it is necessary to redirect from one controller to another within the application. There is no risk in doing that if no user input is involved in the process. But as soon as any external data is used for the redirection, vulnerabilities may appear. The classic example is a login redirect when a user tries to access a restricted area without logging in first. The user is then redirected to the login page and then redirected again to the original one. The original URL is typically provided in the query string, which opens the door to phishing attacks. Phishing attacks are all about trust. By distributing links with a trusted domain name and a malicious redirect link, users may follow the link and expect the content to be trusted. By using an identical layout and a very similar domain name, a malicious site may succeed in a phishing attack, for example, by asking for user credentials via a false login form. To protect yourselves from these kinds of attacks, try to avoid using…
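
The login-redirect risk described above, as an added example that is not part of the course material: a stand-alone C# program that accepts a `returnUrl` query-string value only when it is a path on the current site and otherwise falls back to a fixed page. `ReturnUrlGuard`, `IsLocal`, `SafeTarget` and the sample URLs are assumptions made for illustration; inside an ASP.NET MVC 5 controller the framework's `Url.IsLocalUrl` serves the same purpose.

```csharp
using System;

public static class ReturnUrlGuard
{
    // Hypothetical helper: accept only paths on the current site,
    // i.e. "/", "/x..." or "~/x...".
    // Rejected: absolute URLs, scheme-relative "//host", and "/\host",
    // which browsers treat like "//host".
    public static bool IsLocal(string url)
    {
        if (string.IsNullOrEmpty(url)) return false;
        if (url[0] == '/')
            return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
        return url.Length > 1 && url[0] == '~' && url[1] == '/';
    }

    // Where to send the user after a successful login: the requested
    // page if it is local, otherwise a fixed fallback inside the site.
    public static string SafeTarget(string returnUrl, string fallback = "/")
    {
        return IsLocal(returnUrl) ? returnUrl : fallback;
    }

    public static void Main()
    {
        // Constructed sample values for the returnUrl query-string parameter.
        string[] samples =
        {
            "/Account/Manage",                          // local path: kept
            "~/Orders/Details/7",                       // app-relative: kept
            "http://login.example.test/Account/Login",  // other host: fallback
            "//login.example.test/Account/Login",       // scheme-relative: fallback
            "/\\login.example.test/Account/Login",      // backslash variant: fallback
            "",                                         // empty: fallback
            null                                        // missing: fallback
        };

        foreach (var s in samples)
            Console.WriteLine("{0,-45} -> {1}", s ?? "(null)", SafeTarget(s));
    }
}
```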
