[WEB SECURITY] CSRF remedies in
54van7 at securityisdead.com
Fri Jan 16 08:15:09 EST 2009
Essentially, preventing arbitrary URLs from being supplied as the redirect
This is achieved by creating a whitelist validation routine
(i.e. regex, etc.) that only allows known "good" values proper for your
application and rejects all other supplied values.
Here's an advisory for an example of the threat:
Stephan Wehner wrote:
> Be sure to prevent open redirects by whitelisting the sites for which you need to allow redirects.
> I lost you with this one. Do you mind explaining?
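One way to build the whitelist validation routine described in the reply above, as an added example that is not from the original thread. The allowed host names and the fallback target are constructed assumptions; the routine accepts only site-relative paths or https URLs whose host is exactly on the list, and falls back to a safe default for everything else.

```python
from urllib.parse import urlsplit

# Constructed allowlist of hosts this application may redirect to (assumption).
ALLOWED_HOSTS = {"app.example.com", "accounts.example.com"}
# Where to send the user when the supplied value is not a known-good target.
DEFAULT_TARGET = "/"


def safe_redirect_target(candidate: str) -> str:
    """Return candidate if it is a known-good redirect target, else DEFAULT_TARGET.

    Two shapes are accepted:
      1. a site-relative path ("/account/settings"), which cannot leave the site;
      2. an https URL whose host is exactly in ALLOWED_HOSTS, with no
         embedded credentials and no explicit port.
    Anything else (other schemes, unknown or look-alike hosts, protocol-relative
    "//host" URLs, "user@host" tricks, malformed input) is rejected.
    """
    if not candidate or len(candidate) > 2048:
        return DEFAULT_TARGET
    # Browsers treat backslashes like slashes, and whitespace or control
    # characters make parsers disagree, so reject them outright.
    if "\\" in candidate or any(c.isspace() or ord(c) < 0x20 for c in candidate):
        return DEFAULT_TARGET
    try:
        parts = urlsplit(candidate)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return DEFAULT_TARGET
    # Shape 1: site-relative path. It must start with a single "/"; a leading
    # "//" is a protocol-relative URL that points at another host.
    if parts.scheme == "" and parts.netloc == "":
        if candidate.startswith("/") and not candidate.startswith("//"):
            return candidate
        return DEFAULT_TARGET
    # Shape 2: absolute https URL to an allowlisted host.
    if parts.scheme.lower() != "https":
        return DEFAULT_TARGET
    if parts.username is not None or parts.password is not None or port is not None:
        return DEFAULT_TARGET
    host = (parts.hostname or "").lower()  # hostname is already lowercased, kept explicit
    if host not in ALLOWED_HOSTS:
        return DEFAULT_TARGET
    return candidate
```

Exact-match host comparison is the point: a substring or prefix check would let "app.example.com.attacker-controlled" through, which is the class of bypass the whitelist is meant to close.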