Hello and welcome to the Cybrary Secure Coding course. My name is Sunny Wear, and this is OWASP Top 10 for 2013, A10: Unvalidated Redirects and Forwards. Now first, let's take a look at our definition from OWASP: web applications frequently redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages. Without proper validation, attackers can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages.
If we take a look at our OWASP chart, we can see that the attack vector exploitability in this category is average. The technical impact is moderate.
Now, looking at the security weakness, it states the following: applications frequently redirect users to other pages, or use internal forwards in a similar manner. Sometimes the target page is specified in an unvalidated parameter, allowing attackers to choose the destination page.
Now the good news is that detecting unchecked redirects is easy: look for redirects where you can set the full URL. Unchecked forwards are harder, since they target internal pages.
Taking a look at some code samples, we have a couple from Java. First, in JSP code, you're going to find references to redirects in your response object, such as sendRedirect, and a URL is passed there. In the Google GWT class Window.Location, there is a replace method that takes in a string and directs the user to a new URL. So in either of these cases, if unvalidated data is passed to those location functions, they provide the opportunity for our victims to be redirected to an attacker-controlled website.
Now the PHP sample code we have is very similar in nature to the Java. Here we have some code that receives the value from the URL parameter and then immediately uses that value, assigning it to a variable, without doing any kind of validation check.
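The validation check that both the Java and PHP samples skip, written out as an added example in Python (this is not code from the course; the allowed host names and the redirect-token table are constructed for illustration). It accepts only local paths or HTTPS/HTTP URLs on an allow-listed host, and also shows the safer indirection pattern where the parameter is a token, not a URL:

```python
from urllib.parse import unquote, urlsplit

# Constructed allow-list of hosts this application may redirect to.
ALLOWED_HOSTS = frozenset({"app.example.com", "docs.example.com"})

# Constructed token table for the indirection pattern: the request carries
# a short key, and the server, not the user, decides the destination URL.
SAFE_TARGETS = {"home": "/dashboard", "docs": "https://docs.example.com/start"}


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Return True only if `target` is a local path or an allow-listed URL."""
    if not target or any(c in target for c in "\r\n\x00"):
        return False  # empty, or control characters usable for header splitting
    # Decode once so an encoded "%2F%2F" is judged the same as "//".
    candidate = unquote(target)
    # Browsers treat "/\host" like "//host", so normalise before parsing.
    candidate = candidate.replace("\\", "/")
    parts = urlsplit(candidate)
    scheme = parts.scheme.lower()
    if parts.netloc:
        # Absolute (or protocol-relative) URL: require http(s) and a known host.
        # `hostname` strips userinfo, so "https://good@evil" resolves to "evil".
        return scheme in ("http", "https") and (parts.hostname or "").lower() in allowed_hosts
    if scheme:
        return False  # e.g. "mailto:", "data:", or any other non-HTTP scheme
    # Relative path: must be a single leading slash, not "//" (scheme-relative).
    return candidate.startswith("/") and not candidate.startswith("//")


def resolve_redirect(token, default="/"):
    """Indirection: map an opaque token to a server-chosen URL, never trusting the value."""
    return SAFE_TARGETS.get(token, default)


if __name__ == "__main__":
    for t in ["/dashboard", "https://app.example.com/account", "//evil.example/login",
              "%2F%2Fevil.example", "https://app.example.com@evil.example/"]:
        print(f"{t!r:45} safe={is_safe_redirect(t)}")
    print(resolve_redirect("home"), resolve_redirect("https://evil.example"))
```

Even with a validator in place, the token approach is the stronger design: the user-controlled value never becomes part of the Location header at all.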
Now the case study is on watering holes. If you've never heard the term watering hole before, it's usually used to describe an attacker-controlled website that is the landing page for redirected victims. Now, in this article, the particular targeted websites were government agencies and banks, and there were links on those pages that were actually replaced with a redirect attack. In other words, the location code didn't do any kind of validation, and so those links would actually forward to other watering holes. In this particular case, the watering holes were websites that had very poor security and were open to various other attacks that we've covered in our modules.