Talk:Top 10 2010-A10-Unvalidated Redirects and Forwards

From OWASP

I don't understand the technical difference between the 2 scenarios.

Q1. The first says '..redirects users...'; the second says '...uses forward to route requests ...'. Are these both 3xx responses?

Q2. If the app uses the parameter value to go to a site-relative URL, are you saying that is inherently risky because the app may not perform any further validation?