• Online, Self-Paced
Course Description

Open Redirect vulnerabilities arise when applications redirect a user's browser to a URL based on unverified GET request parameters provided to the application. While the user believes they are being redirected to a legitimate website, an Open Redirect vulnerability allows the attacker to lead them to a malicious website. To avoid or address Open Redirect vulnerabilities, you can use allow lists or lookup tables to determine the destinations of redirects, show a warning page before redirecting users to external URLs, or remove the redirect functionality from your application. This Defending C# Applications Against Open Redirect Skill Lab offers a virtual environment that includes a vulnerable application and its complete source code to train developers on identifying and addressing Open Redirect vulnerabilities.
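The allow list and lookup table mitigations described above, as an added C# example that is not taken from the lab or its source code. The class and method names (`RedirectPolicy`, `FromKey`, `FromUrl`), the keys, the hosts and the sample inputs are all hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

public static class RedirectPolicy
{
    const string Fallback = "/";

    // Lookup table: the request carries a short key, never a URL.
    static readonly Dictionary<string, string> Destinations = new Dictionary<string, string>
    {
        ["billing"] = "/account/billing",
        ["docs"] = "https://docs.example.com/",
    };

    // Allow list of external hosts, matched exactly (no substring or suffix match).
    static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "docs.example.com" };

    public static string FromKey(string key) =>
        key != null && Destinations.TryGetValue(key, out var url) ? url : Fallback;

    public static string FromUrl(string target)
    {
        // Browsers drop tabs and newlines from URLs, so reject control characters outright.
        if (string.IsNullOrEmpty(target) || target.Any(char.IsControl)) return Fallback;

        // Local path: exactly one leading slash. "//host" and "/\host" leave the site.
        if (target[0] == '/')
            return target.Length > 1 && (target[1] == '/' || target[1] == '\\') ? Fallback : target;

        // External URL: https only, and the parsed host (not the raw string) must be listed.
        return Uri.TryCreate(target, UriKind.Absolute, out var uri)
            && uri.Scheme == Uri.UriSchemeHttps
            && AllowedHosts.Contains(uri.Host)
            ? uri.AbsoluteUri : Fallback;
    }

    public static void Main()
    {
        // Constructed inputs for illustration.
        var samples = new[] { "/account/billing", "https://docs.example.com/guide",
            "//attacker.example", "/\\attacker.example", "https://docs.example.com@attacker.example/",
            "https://docs.example.com.attacker.example/", "http://docs.example.com/" };
        foreach (var s in samples)
            Console.WriteLine(s + " -> " + FromUrl(s));
        Console.WriteLine("key docs -> " + FromKey("docs"));
        Console.WriteLine("key unknown -> " + FromKey("unknown"));
    }
}
```

Where every destination is known in advance, `FromKey` is the stronger option because no URL parsing is involved at all.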

Learning Objectives

After completing this lab, the learner will understand how to defend C# applications against open redirect vulnerabilities by receiving hands-on experience testing for these vulnerabilities and implementing a suitable mitigation.

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):