SS
Uploaded byShane Stanley
PPTX, PDF5,064 views

A10 - Unvalidated Redirects and Forwards

Unvalidated redirects are links that lead users from trusted sites to unauthorized pages, exposing vulnerabilities that can result in malware installation or theft of sensitive information. The document explains the risks associated with unvalidated redirects, including security breaches and loss of customer trust, and provides methods for detection and prevention. Recommendations for users include maintaining updated internet security software and being cautious of URLs before clicking.

Embed presentation

Downloaded 164 times
A10 - Unvalidated Redirects and Forwards IT 6873 Presentation By William Stanley Southern Polytechnic State University Fall 2014
What is a unvalidated redirect?  Definitions  OWASP: The linking to a destination with out proper validation that leads to unauthorized pages.  Google: References unvalidated redirects as simply spammy and or malware.  Microsoft: Any web application that redirects to a URL that is specified via the request such as the querystring or form data can potentially be tampered with to redirect users to an external, malicious URL Summary: An unvalidated redirect is link on trusted site that will take the user to an unauthorized site to expose a vulnerability by either installing malicious software or by gaining secure information from the user.
Why use redirects?  Similar domain names: to redirect for misspellings  Moving pages: merge sites, move to a new domain, or name change  Logging out going link: A technique that was made popular by selling ads on sites direct them to sites such as Amazon.com  Shortening the original link: links on sites with hundreds and thousands of pages typically do this for a shorter link.  Manipulating  One way to make sure search engines and visitors reach the correct site  Another way to make sure search engines and visitors reach the wrong site, also considered phishing.
Example valid redirects
Example: unvalidated redirect  Code in yellow redirects user to a different site
Example: unvalidated redirect  Unvalidated redirects also can be in emails
Risks of unvalidated redirects  Typical reasons unvalidated redirects are used  To direct a user to a site in order to obtain username and password to sites. Examples: ebay.com, paypal.com, amazon.com, etc…  Used to access information in order to obtain products and goods with information provided by the end user  Used to direct an end user to a site that sells services  Examples: adult content, prescription companies in to other countries, start up sites competing for business….  Unvalidated redirects used to steal infromation  This is done when a user goes to a site that may look the same as the intended site but created for the purpose of stealing information.  Username and passwords as previously mentioned  Reading cookies together information
Risks of unvalidated redirects  Installing malicious code  Can be done by clicking on a file to download such as pdf’s  Can also be done by having buttons or images to return to previous page. When the user clicks on the image thinking they are returning to the previous site they are actually acknowledge a software download. The code gathers information and send to the intruder and or hacker.  Misdirection unvalidated redirects  Typically uses:  Email called phishing  Email comes from trusted site but disguised, example would be from Internal Revenue Service.  This type of redirect tries to use misdirection by obtaining the user attention to an important matter, while getting them to click on the that takes them to the redirect to gather secure information.
Risks of unvalidated redirects  One of the biggest risks of unvalidated redirects to business is the cost.  What happens when customers get unvalidated redirects:  Customer loose trust in the site  Customer can loose personnel information  Security breach if the program gathers enough information  Cost to clear the matter up can be costly including but not limited to closing the business due to the cost.
Ways to detect unvalidated redirects  The easiest way to detect an unvlalidated redirect is to hover over the link with the mouse.  By placing the mouse over the link the user can see where the link is headed  The user can compare the redirect link with the intended site link and see if it matches.  Other ways to detect unvalidated links  Google offers the option to use site:search  The site administrator simply types the website address in the googles search engine and goes through the webpages to see all of the links.  The site administrator compare all the links to what should be expected and if something appears incorrectly they correct the code  Example a hardware store enters their site into Google's search engine: John Doe’s Hardware.  If the administrator notice a Viagra related page then the site has an unvalidated redirect.  Google even offers a Google alert to automate the searh
Ways to detect unvalidated redirects  Most of today’s and even older applications used to create websites can check for valid redirects.  Microsoft’s FrontPage for example had an option to check all links in the website and validate the end result. The screen was shown in table format to compare the links to the redirects to make sure they were valid.  Today’s browser have also got a lot better at searching ahead before taking the user to the page.  If you use Mozilla Firefox you may have seen the following screen shot because the webpage did not match in the information given:
How to prevent unvalidated redirects  Simple avoid using redirects in your website.  If they can not be avoided, do not use parameters to calculate the destination.  This means to give the direct site location.  If none of this can be avoided, make sure the server side application is used for translation.
Summary  While it is very easy to create a unvalidated redirect it is also simple to find.  Most unvalidated redirects use the magicians trick of while the eyes are watching one hand the other is doing something else.  It is also easy to correct coding for unvalidated redirect.  The most effective items a website administrator can do to prevent unvalidated redirects:  Use good coding practices  Audit the site periodically  The most effective items a user can to prevent unvalidated redirects:  Use internet security software  Keep their browser up to date  Pay attention to URL’s look before click.
References  Application Security: The Essentials – Unvalidated Redirects and Forwards: http://www.labs64.com/blog/2014/01/application-security-the- essentials-unvalidated-redirects-and-forwards/  OWASP: https://www.owasp.org/index.php/Top_10_2013-A10- Unvalidated_Redirects_and_Forwards  Open redirect URLS: Is your site being abused? http://googlewebmastercentral.blogspot.com/2009/01/open-redirect-urls- is-your-site-being.html  Preventing Open Redirect Attacks(C#): http://www.asp.net/mvc/overview/security/preventing-open-redirection-attacks  Security testing and for unvalidated redirects and forwards: http://searchsoftwarequality.techtarget.com/tip/Security-testing-for-unvalidated- redirects-and-forwards  URL redirection: http://en.wikipedia.org/wiki/URL_redirection  URL Redirector Abuse: http://projects.webappsec.org/w/page/13246981/URL%20Redirector%2 0Abuse  Wikipedia, URL redirection: http://en.wikipedia.org/wiki/URL_redirection
References  Module 10: Unvalidated Redirects and Forwards: http://www.securingthehuman.org/programs/government-current/ video/unvalidated-redirects-and-forwards  Hacking Websites – Part 6: Unvalidated Redirects and Forwards: http://www.thatcoderguy.co.uk/2014/09/16/hacking-websites-part- 6-unvalidated-redirects-and-forwards/

More Related Content

PPTX
Xss attack
byManjushree Mashal
 
PPTX
Basic Wordpress PPT
bymayur akabari
 
PPTX
Introduction to Node.js
byVikash Singh
 
PPTX
Host Header injection - Slides
byAmit Dubey
 
PDF
CSS3, Media Queries, and Responsive Design
byZoe Gillenwater
 
PDF
Use Node.js to create a REST API
byFabien Vauchelles
 
PDF
Cohen Sutherland Line Clipping Algorithm Example
byKasun Ranga Wijeweera
 
PDF
Front-End Frameworks: a quick overview
byDiacode
 
Xss attack
byManjushree Mashal
 
Basic Wordpress PPT
bymayur akabari
 
Introduction to Node.js
byVikash Singh
 
Host Header injection - Slides
byAmit Dubey
 
CSS3, Media Queries, and Responsive Design
byZoe Gillenwater
 
Use Node.js to create a REST API
byFabien Vauchelles
 
Cohen Sutherland Line Clipping Algorithm Example
byKasun Ranga Wijeweera
 
Front-End Frameworks: a quick overview
byDiacode
 

What's hot

PPTX
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
byPradeeshSAI
 
PPTX
UNVEILING THE THREAT ACTOR FOR CYBERSECURITY ASSIGNMENT.pptx
bychrisdeming24
 
PPTX
Scanning and Enumeration in Cyber Security.pptx
byMahdiHasanSowrav
 
PPTX
Password management
byWilmington University
 
PPTX
Secure coding practices
byMohammed Danish Amber
 
PDF
SACON - Deception Technology (Sahir Hidayatullah)
byPriyanka Aash
 
PPTX
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
bySuhail Khan
 
PDF
Weaponizing Your DevOps Pipeline
byPuma Security, LLC
 
PPTX
Html & CSS
byJainilSampat
 
PPTX
Unit 1 - TypeScript & Introduction to Angular CLI.pptx
byMalla Reddy University
 
PPT
Web Hacking
byInformation Technology
 
PDF
Publish Android Application on Google Play Store
bySandip Kalola
 
PPT
Application Security
byflorinc
 
PPTX
Web Security
byTripad M
 
PPTX
3D Password
byShubham Rungta
 
PDF
HTML & CSS
bylexinamer
 
PDF
Password (in)security
byEnrico Zimuel
 
PDF
Clean Code na Prática
byDouglas Siviotti
 
PPTX
Flutter
byHimanshu Singh
 
PDF
Introduction to web programming with JavaScript
byT11 Sessions
 
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
byPradeeshSAI
 
UNVEILING THE THREAT ACTOR FOR CYBERSECURITY ASSIGNMENT.pptx
bychrisdeming24
 
Scanning and Enumeration in Cyber Security.pptx
byMahdiHasanSowrav
 
Password management
byWilmington University
 
Secure coding practices
byMohammed Danish Amber
 
SACON - Deception Technology (Sahir Hidayatullah)
byPriyanka Aash
 
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
bySuhail Khan
 
Weaponizing Your DevOps Pipeline
byPuma Security, LLC
 
Html & CSS
byJainilSampat
 
Unit 1 - TypeScript & Introduction to Angular CLI.pptx
byMalla Reddy University
 
Web Hacking
byInformation Technology
 
Publish Android Application on Google Play Store
bySandip Kalola
 
Application Security
byflorinc
 
Web Security
byTripad M
 
3D Password
byShubham Rungta
 
HTML & CSS
bylexinamer
 
Password (in)security
byEnrico Zimuel
 
Clean Code na Prática
byDouglas Siviotti
 
Flutter
byHimanshu Singh
 
Introduction to web programming with JavaScript
byT11 Sessions
 

Viewers also liked

PPTX
A7 Missing Function Level Access Control
bystevil1224
 
PPT
"WEB applications security testing" by Kirill Semenov for Lohika Odessa QA Te...
byLohika_Odessa_TechTalks
 
PDF
Understanding & Addressing OWASP’s Newest Top Ten Threat: Using Components wi...
bySonatype
 
PDF
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
byAnant Shrivastava
 
PPTX
Sensitive Data Exposure
byabodiford
 
PPT
Data Encoding
byLuka M G
 
DOCX
fyp_thesis-of-Web-Application-Security-Scanner
byInaam Ishaque Shaikh
 
A7 Missing Function Level Access Control
bystevil1224
 
"WEB applications security testing" by Kirill Semenov for Lohika Odessa QA Te...
byLohika_Odessa_TechTalks
 
Understanding & Addressing OWASP’s Newest Top Ten Threat: Using Components wi...
bySonatype
 
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
byAnant Shrivastava
 
Sensitive Data Exposure
byabodiford
 
Data Encoding
byLuka M G
 
fyp_thesis-of-Web-Application-Security-Scanner
byInaam Ishaque Shaikh
 

Similar to A10 - Unvalidated Redirects and Forwards

PPTX
Secure Development on the Salesforce Platform - Part 2
bySalesforce Developers
 
PDF
Owasp for dummies handouts
byBCC
 
PPTX
Chapter 17 a fraud in e commerce Jen
byVidaB
 
PPTX
Securing the Web @RivieraDev2016
bySumanth Damarla
 
PDF
OWASP Top Ten in Practice
bySecurity Innovation
 
PPTX
Panama-Paper-Leak
byAdv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
PPT
OWASP Top 10 Security Vulnerabilities, and Securing them with Oracle ADF
byBrian Huff
 
PDF
Web application sec_3
byvhimsikal
 
PDF
OWASP Top 10
byArthur Shvetsov
 
PDF
How to Find and Fix Broken Authentication Vulnerability
byAshKhan85
 
PPTX
Panama Papers Leak and Precautions Law firms should take
byAdv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
PDF
OWASP TOP 10 by Team xbios
byVi Vek
 
PDF
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)
bySam Bowne
 
PDF
OWASPTop 10
byInnoTech
 
PPTX
Internet use issues
bycomputers 11
 
PPTX
The Cross Window redirect
byMichael Hendrickx
 
PPSX
Antiphishing
byJustin Eldredge
 
PDF
Threats, Threat Modeling and Analysis
byIan G
 
PPTX
Correct the most common web development security mistakes - Eric Vanderburg
byEric Vanderburg
 
PDF
Truetesters presents OWASP Top 10 Web Vulnerability
byTrueTesters
 
Secure Development on the Salesforce Platform - Part 2
bySalesforce Developers
 
Owasp for dummies handouts
byBCC
 
Chapter 17 a fraud in e commerce Jen
byVidaB
 
Securing the Web @RivieraDev2016
bySumanth Damarla
 
OWASP Top Ten in Practice
bySecurity Innovation
 
Panama-Paper-Leak
byAdv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
OWASP Top 10 Security Vulnerabilities, and Securing them with Oracle ADF
byBrian Huff
 
Web application sec_3
byvhimsikal
 
OWASP Top 10
byArthur Shvetsov
 
How to Find and Fix Broken Authentication Vulnerability
byAshKhan85
 
Panama Papers Leak and Precautions Law firms should take
byAdv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
OWASP TOP 10 by Team xbios
byVi Vek
 
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)
bySam Bowne
 
OWASPTop 10
byInnoTech
 
Internet use issues
bycomputers 11
 
The Cross Window redirect
byMichael Hendrickx
 
Antiphishing
byJustin Eldredge
 
Threats, Threat Modeling and Analysis
byIan G
 
Correct the most common web development security mistakes - Eric Vanderburg
byEric Vanderburg
 
Truetesters presents OWASP Top 10 Web Vulnerability
byTrueTesters
 

Recently uploaded

PPTX
Cybersecurity: Definition, Importance, and Best Practices.pptx
byCloudavize
 
PDF
Using Geolocation Features To Personalize Mobile Apps.pdf
bydavidjohansen1597
 
PPTX
Hire AI Developers | Agicent Technologies
byriveranicky099
 
PDF
Missouri Mobile App Development Company Addresses Safety Concerns After UPS P...
byMike Brown
 
PDF
Mobile App Accessibility Standards Every Developer Should Know.pdf
bydavidjohansen1597
 
PPTX
SaferNet: Simplifying Security with Smart Device Management
bySafernet
 
PDF
Categorisation_of_Cyber_Attacks for hnd pearson level 4 students
byhawa175590
 
PDF
Reducing the cost of ownership in e-commerce. Jakub Winkler, Meet Magento Net...
byJakub Winkler
 
PDF
Digital PR Essentials: A Complete Beginner’s Guide to Earning Media Coverage ...
byVolodymyr Zhyliaev
 
PDF
Is AI Replacing Web Developers or Making Them Smarter.pdf
byNetzila Technologies
 
DOCX
How To Safely Buy an Instagram Account (Guide 2025).docx
bycucfuc315
 
PPTX
Elastic meetup - From Search to Smart: Python + Elastic ELSER.pptx
bysmollinga
 
PDF
Exploration of Fault Identification and Automatic Recovery in Cloud-based FPG...
bySatoshi Konno
 
PPTX
Mod 2-ICT as the medium for advocacy.pptx
byMelyangIntong
 
PDF
10 Interesting Facts About Infinite Craft
byMiranda Croftoon
 
PPTX
Презентация Филимонов (английский).pptx
bydragonnonext
 
PDF
The walking dead series-Apresentation free dowload.pdf
byDinisPires6
 
PDF
What is Crypto SIP & How It Works | Beginner’s Guide to Crypto SIP Investments
by3verseTV
 
PPTX
DISS presentation. pptx mmmmmmmmmmmmmmmmmm
byannamarietotong020
 
Cybersecurity: Definition, Importance, and Best Practices.pptx
byCloudavize
 
Using Geolocation Features To Personalize Mobile Apps.pdf
bydavidjohansen1597
 
Hire AI Developers | Agicent Technologies
byriveranicky099
 
Missouri Mobile App Development Company Addresses Safety Concerns After UPS P...
byMike Brown
 
Mobile App Accessibility Standards Every Developer Should Know.pdf
bydavidjohansen1597
 
SaferNet: Simplifying Security with Smart Device Management
bySafernet
 
Categorisation_of_Cyber_Attacks for hnd pearson level 4 students
byhawa175590
 
Reducing the cost of ownership in e-commerce. Jakub Winkler, Meet Magento Net...
byJakub Winkler
 
Digital PR Essentials: A Complete Beginner’s Guide to Earning Media Coverage ...
byVolodymyr Zhyliaev
 
Is AI Replacing Web Developers or Making Them Smarter.pdf
byNetzila Technologies
 
How To Safely Buy an Instagram Account (Guide 2025).docx
bycucfuc315
 
Elastic meetup - From Search to Smart: Python + Elastic ELSER.pptx
bysmollinga
 
Exploration of Fault Identification and Automatic Recovery in Cloud-based FPG...
bySatoshi Konno
 
Mod 2-ICT as the medium for advocacy.pptx
byMelyangIntong
 
10 Interesting Facts About Infinite Craft
byMiranda Croftoon
 
Презентация Филимонов (английский).pptx
bydragonnonext
 
The walking dead series-Apresentation free dowload.pdf
byDinisPires6
 
What is Crypto SIP & How It Works | Beginner’s Guide to Crypto SIP Investments
by3verseTV
 
DISS presentation. pptx mmmmmmmmmmmmmmmmmm
byannamarietotong020
 
In this document
Powered by AI

Presentation on unvalidated redirects and their implications for cybersecurity.

Definitions from OWASP, Google, and Microsoft highlighting risks associated with unvalidated redirects.

Redirects are used for various purposes such as correcting misspellings and moving pages.

Shows examples of both valid and unvalidated redirects.

Illustrates how unvalidated redirects can be exploited through code manipulation.

Explains how unvalidated redirects can occur in emails.

Details the risks including phishing attacks and user credentials compromise via unvalidated redirects.

Describes risks like installing malicious code and using misdirection in emails to gather sensitive information.

Discusses the financial impact and loss of customer trust due to unvalidated redirects.

Techniques to detect unvalidated redirects by hovering over links and using Google's search tools.

Highlights tools and applications available to check the validity of redirects effectively.

Suggestions for avoiding unvalidated redirects, including not using URL parameters for redirects.

Summarizes the ease of creating unvalidated redirects and emphasizes good coding practices and user vigilance.

List of resources for further information on unvalidated redirects and related security measures.

Additional references providing insights into unvalidated redirects and methods of prevention.

A10 - Unvalidated Redirects and Forwards

  • 1.
    A10 - Unvalidated Redirects and Forwards IT 6873 Presentation By William Stanley Southern Polytechnic State University Fall 2014
  • 2.
    What is aunvalidated redirect?  Definitions  OWASP: The linking to a destination with out proper validation that leads to unauthorized pages.  Google: References unvalidated redirects as simply spammy and or malware.  Microsoft: Any web application that redirects to a URL that is specified via the request such as the querystring or form data can potentially be tampered with to redirect users to an external, malicious URL Summary: An unvalidated redirect is link on trusted site that will take the user to an unauthorized site to expose a vulnerability by either installing malicious software or by gaining secure information from the user.
  • 3.
    Why use redirects?  Similar domain names: to redirect for misspellings  Moving pages: merge sites, move to a new domain, or name change  Logging out going link: A technique that was made popular by selling ads on sites direct them to sites such as Amazon.com  Shortening the original link: links on sites with hundreds and thousands of pages typically do this for a shorter link.  Manipulating  One way to make sure search engines and visitors reach the correct site  Another way to make sure search engines and visitors reach the wrong site, also considered phishing.
  • 4.
  • 5.
    Example: unvalidated redirect  Code in yellow redirects user to a different site
  • 6.
    Example: unvalidated redirect  Unvalidated redirects also can be in emails
  • 7.
    Risks of unvalidatedredirects  Typical reasons unvalidated redirects are used  To direct a user to a site in order to obtain username and password to sites. Examples: ebay.com, paypal.com, amazon.com, etc…  Used to access information in order to obtain products and goods with information provided by the end user  Used to direct an end user to a site that sells services  Examples: adult content, prescription companies in to other countries, start up sites competing for business….  Unvalidated redirects used to steal infromation  This is done when a user goes to a site that may look the same as the intended site but created for the purpose of stealing information.  Username and passwords as previously mentioned  Reading cookies together information
  • 8.
    Risks of unvalidatedredirects  Installing malicious code  Can be done by clicking on a file to download such as pdf’s  Can also be done by having buttons or images to return to previous page. When the user clicks on the image thinking they are returning to the previous site they are actually acknowledge a software download. The code gathers information and send to the intruder and or hacker.  Misdirection unvalidated redirects  Typically uses:  Email called phishing  Email comes from trusted site but disguised, example would be from Internal Revenue Service.  This type of redirect tries to use misdirection by obtaining the user attention to an important matter, while getting them to click on the that takes them to the redirect to gather secure information.
  • 9.
    Risks of unvalidatedredirects  One of the biggest risks of unvalidated redirects to business is the cost.  What happens when customers get unvalidated redirects:  Customer loose trust in the site  Customer can loose personnel information  Security breach if the program gathers enough information  Cost to clear the matter up can be costly including but not limited to closing the business due to the cost.
  • 10.
    Ways to detectunvalidated redirects  The easiest way to detect an unvlalidated redirect is to hover over the link with the mouse.  By placing the mouse over the link the user can see where the link is headed  The user can compare the redirect link with the intended site link and see if it matches.  Other ways to detect unvalidated links  Google offers the option to use site:search  The site administrator simply types the website address in the googles search engine and goes through the webpages to see all of the links.  The site administrator compare all the links to what should be expected and if something appears incorrectly they correct the code  Example a hardware store enters their site into Google's search engine: John Doe’s Hardware.  If the administrator notice a Viagra related page then the site has an unvalidated redirect.  Google even offers a Google alert to automate the searh
  • 11.
    Ways to detectunvalidated redirects  Most of today’s and even older applications used to create websites can check for valid redirects.  Microsoft’s FrontPage for example had an option to check all links in the website and validate the end result. The screen was shown in table format to compare the links to the redirects to make sure they were valid.  Today’s browser have also got a lot better at searching ahead before taking the user to the page.  If you use Mozilla Firefox you may have seen the following screen shot because the webpage did not match in the information given:
  • 12.
    How to preventunvalidated redirects  Simple avoid using redirects in your website.  If they can not be avoided, do not use parameters to calculate the destination.  This means to give the direct site location.  If none of this can be avoided, make sure the server side application is used for translation.
  • 13.
    Summary  Whileit is very easy to create a unvalidated redirect it is also simple to find.  Most unvalidated redirects use the magicians trick of while the eyes are watching one hand the other is doing something else.  It is also easy to correct coding for unvalidated redirect.  The most effective items a website administrator can do to prevent unvalidated redirects:  Use good coding practices  Audit the site periodically  The most effective items a user can to prevent unvalidated redirects:  Use internet security software  Keep their browser up to date  Pay attention to URL’s look before click.
  • 14.
    References  ApplicationSecurity: The Essentials – Unvalidated Redirects and Forwards: http://www.labs64.com/blog/2014/01/application-security-the- essentials-unvalidated-redirects-and-forwards/  OWASP: https://www.owasp.org/index.php/Top_10_2013-A10- Unvalidated_Redirects_and_Forwards  Open redirect URLS: Is your site being abused? http://googlewebmastercentral.blogspot.com/2009/01/open-redirect-urls- is-your-site-being.html  Preventing Open Redirect Attacks(C#): http://www.asp.net/mvc/overview/security/preventing-open-redirection-attacks  Security testing and for unvalidated redirects and forwards: http://searchsoftwarequality.techtarget.com/tip/Security-testing-for-unvalidated- redirects-and-forwards  URL redirection: http://en.wikipedia.org/wiki/URL_redirection  URL Redirector Abuse: http://projects.webappsec.org/w/page/13246981/URL%20Redirector%2 0Abuse  Wikipedia, URL redirection: http://en.wikipedia.org/wiki/URL_redirection
  • 15.
    References  Module10: Unvalidated Redirects and Forwards: http://www.securingthehuman.org/programs/government-current/ video/unvalidated-redirects-and-forwards  Hacking Websites – Part 6: Unvalidated Redirects and Forwards: http://www.thatcoderguy.co.uk/2014/09/16/hacking-websites-part- 6-unvalidated-redirects-and-forwards/