Issue #8: Added README for unvalidated redirects

Signed-off-by: Siddharth Goel <[email protected]>
siddharthgoel88 · May 14, 2015 · e3f107a · e3f107a
1 parent 09ef2da
commit e3f107a
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/unvalidated-redirects/README.md b/unvalidated-redirects/README.md
@@ -0,0 +1,21 @@
+# Unvalidated redirects and forwards 
+
+### What is it?
+[OWASP] says that it is linking to a destination without proper validation that leads to unauthorized page. Attacker might redirect victim to phishing webpage and steal the credentials.
+
+### Attack vector
+Need to fill info here !!
+
+### How to Prevent it?
+- From security perspective, redirects should not be used in websites.
+- If redirects are necessary, then try providing the direct links instead of calculating the destination.
+- If direct links also could not be used, then do the manipulation on server-side with proper validation.
+- Users of a website should pay attention to the URL before clicking.
+
+### Sources
+https://www.owasp.org/index.php/Top_10_2013-Top_10
+http://www.slideshare.net/ShaneStanley/a10-unvalidated-redirects
+https://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards
+
+[OWASP]:https://www.owasp.org/index.php/Top_10_2013-Top_10
+