Saturday, June 5, 2010

Open Redirect Wreck Off - HITB EZine

Web Traffic Forwards

The paper discusses real-world scenarios analyzed while conducting security assessments of different websites. These websites were found to be prone to unvalidated redirect and forward issues. With the recent OWASP Top 10 2010 RC1 release, A8 has been assigned to redirection-based flaws in websites. An attacker can exploit the user's trust to make them visit a malicious website controlled by an untrusted party. These vulnerabilities can result from poor development practices, misconfiguration, and other vulnerabilities that lead to injection in websites. They have existed for a long time but were only recently incorporated into the Top 10 benchmark, after analysis of the damage they cause. Spammers take advantage of open redirect weaknesses in websites to conduct phishing and other serious attacks.
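As an added illustration of the defensive side (this is example code, not taken from the paper), the following Python helper shows how a web application can validate a user-supplied redirect target before issuing the redirect. It assumes a constructed allowlist of hosts and a safe default landing path, and it mirrors browser URL quirks (backslashes, runs of leading slashes, userinfo) that commonly slip past naive "does it start with a slash" checks.

```python
from urllib.parse import urlsplit

# Constructed allowlist of hosts that a redirect parameter may point at.
ALLOWED_HOSTS = {"www.example.com", "example.com"}
SAFE_DEFAULT = "/"


def safe_redirect_target(target, allowed_hosts=ALLOWED_HOSTS):
    """Return target if it stays on an allowlisted host or a local path, else SAFE_DEFAULT."""
    if not target:
        return SAFE_DEFAULT
    # Browsers drop tab/newline characters and treat backslash as slash; mirror that
    # so the check sees the same URL the browser will navigate to.
    url = "".join(ch for ch in target if ch not in "\t\r\n").strip().replace("\\", "/")
    # Any run of two or more leading slashes is protocol-relative to a browser
    # ("////evil.example" still leaves the site), so collapse it to exactly "//".
    if url.startswith("//"):
        url = "//" + url.lstrip("/")
    try:
        parts = urlsplit(url)
    except ValueError:               # e.g. malformed IPv6 literal
        return SAFE_DEFAULT
    if parts.scheme and parts.scheme not in ("http", "https"):
        return SAFE_DEFAULT          # javascript:, data:, and other non-web schemes
    if parts.netloc:
        # hostname discards userinfo and port, so "https://example.com@evil.example"
        # is judged by the host the browser actually connects to: evil.example.
        host = (parts.hostname or "").lower()
        return url if host in allowed_hosts else SAFE_DEFAULT
    if parts.scheme:
        return SAFE_DEFAULT          # "https:evil.example": scheme with no authority
    # Remaining case is a same-origin relative URL; require a single leading slash.
    return url if url.startswith("/") else SAFE_DEFAULT
```

Anything rejected falls back to the site's own landing page rather than an error, so legitimate flows keep working while off-site targets are never honoured.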

