Lessons: 20 | Length: 2.1 hours

3.13 Unvalidated Redirects

An unvalidated redirect occurs when a user follows a link that redirects them to another page, but the redirect target can be controlled by an attacker (for example, when it is passed as a URL parameter). In this lesson, I'll show you a simple defense for unvalidated redirects: whitelisting the permitted redirect targets, and sanitizing the redirect target URL so that relative path segments and null bytes are stripped out before it is used.
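The defense described above, written out as an added example rather than code from the course: a helper that validates a `?next=`-style parameter against a host whitelist, rejects null bytes and other control characters, and refuses dot segments and protocol-relative forms. The allowlist, the `FALLBACK` target and the function name are assumptions made for this illustration.

```python
from typing import Optional
from urllib.parse import unquote, urlsplit

# Constructed whitelist for this example; a real application would load it from config.
ALLOWED_HOSTS = {"example.com", "www.example.com"}
ALLOWED_SCHEMES = {"http", "https"}
FALLBACK = "/"  # where the user is sent when the requested target is rejected


def safe_redirect_target(raw: Optional[str]) -> str:
    """Return a validated redirect target, or FALLBACK if the input is unsafe.

    Checks run on the percent-decoded, backslash-normalised form so that encoded
    tricks (%00, %2e%2e, %2F%2F) are judged as the characters they become.
    """
    if not raw:
        return FALLBACK
    target = unquote(raw)
    # Null bytes and other control characters never belong in a Location header
    # (this also blocks CR/LF header injection).
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in target):
        return FALLBACK
    # Browsers treat "\" like "/", so "/\evil.example" would leave the site.
    target = target.replace("\\", "/")
    parts = urlsplit(target)
    # Refuse "." and ".." segments so the target cannot escape the path it names.
    if any(seg in (".", "..") for seg in parts.path.split("/")):
        return FALLBACK

    if parts.scheme or parts.netloc:
        # Absolute or protocol-relative URL: scheme and host must both be whitelisted.
        # .hostname drops userinfo, so "https://example.com@evil.example" is rejected.
        if parts.scheme.lower() not in ALLOWED_SCHEMES:
            return FALLBACK
        if (parts.hostname or "").lower() not in ALLOWED_HOSTS:
            return FALLBACK
        return target

    # Same-origin path: exactly one leading "/". Browsers resolve "//" and "///"
    # prefixes to another host even when urlsplit reports no netloc for them.
    if not target.startswith("/") or target.startswith("//"):
        return FALLBACK
    return target
```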