From the course: ASP.NET MVC 5 Identity: Authentication and Authorization
Vulnerability: Open redirect
- [Instructor] Sometimes it is necessary to redirect from one controller to another within the application. There is no risk in doing that if no user input is involved in the process. But as soon as any external data is used for the redirection, vulnerabilities may appear. The classic example is a login redirect when a user tries to access a restricted area without logging in first. The user is then redirected to the login page and then redirected again to the original one. The original URL is typically provided in the query string, which opens the door to phishing attacks. Phishing attacks are all about trust. By distributing links with a trusted domain name and a malicious redirect link, users may follow the link and expect the content to be trusted. By using an identical layout and a very similar domain name, a malicious site may succeed in a phishing attack, for example, by asking for user credentials via a false login form. To protect yourself from these kinds of attacks, try to avoid using…
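The login-redirect case described above comes down to deciding whether the return URL taken from the query string stays inside the application. The following is an added example, not code from the course: a stand-alone C# check in the spirit of the `Url.IsLocalUrl` helper that MVC 5 controllers have available. The names `ReturnUrlGuard` and `SafeRedirectTarget`, the fallback path and the sample URLs are assumptions made for illustration.

```csharp
using System;

// Added example (not from the course): validate a return URL before redirecting.
static class ReturnUrlGuard
{
    // Accepts only application-relative paths such as "/Orders/5" or "~/Orders/5".
    // Rejects absolute URLs, protocol-relative "//host" and the "/\host" variant
    // that some browsers treat as "//host".
    public static bool IsLocalUrl(string url)
    {
        if (string.IsNullOrEmpty(url)) return false;
        foreach (char c in url)
            if (char.IsControl(c)) return false;   // no CR/LF/tab tricks

        if (url[0] == '/')
            return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
        if (url[0] == '~' && url.Length > 1 && url[1] == '/')
            return url.Length == 2 || (url[2] != '/' && url[2] != '\\');
        return false;
    }

    // Hypothetical helper: fall back to a fixed in-app page when the value is not local.
    public static string SafeRedirectTarget(string returnUrl, string fallback)
    {
        return IsLocalUrl(returnUrl) ? returnUrl : fallback;
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample values for the return URL query-string parameter.
        string[] samples =
        {
            "/Account/Manage",
            "~/Orders/5",
            "https://login.example.net/Account/Login",
            "//login.example.net/",
            "/\\login.example.net/",
            ""
        };
        foreach (var s in samples)
            Console.WriteLine("{0,-42} -> {1}", s, ReturnUrlGuard.SafeRedirectTarget(s, "/"));
    }
}
```

In an MVC 5 login action the same decision is normally made with `Url.IsLocalUrl(returnUrl)` before calling `Redirect(returnUrl)`, with `RedirectToAction` to a fixed page as the fallback.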
Contents
- Vulnerability: Object binding vulnerability (3m 34s)
- Vulnerability: Dangerous uploaded file type (58s)
- Vulnerability: Excessive authentication attempts (1m 30s)
- Vulnerability: XSS filter evasion (48s)
- Vulnerability: Inclusion of third-party scripts (57s)
- Vulnerability: Cross-site request forgery (CSRF) (1m 59s)
- Vulnerability: Open redirect (1m 33s)