DotNetShoutout

Welcome!

DotNetShoutout is a place where you can find the latest Microsoft .NET stories to increase your skills and share your opinions.

Enjoy participating in this community and see which other people in our industry are getting Shoutouts.

faq »

5
Shouts

Shout it

OWASP Top 10 for .NET developers part 10: Unvalidated Redirects and Forwards

published 530 days, 2 hours, 38 minutes ago posted by

http://troyhunt.myopenid.com/ 531 days, 9 hours, 35 minutes ago

In the final instalment of the OWASP Top 10 for .NET developers we look at the risk of unvalidated redirects and forwards. This practice allows an attack to use a legitimate, trustworthy URL to serve malicious content which could do anything from steal credentials to install malware. But mitigation is easy and this post shows the exploit in practice and how to prevent it in your .NET apps.