Open Redirect Vulnerability: What It Is and Why It Matters
Summary
An open redirect is a web application vulnerability that lets an attacker send users to an external URL of the attacker's choosing, because the application redirects to a destination taken from the request without checking it.
These flaws are usually caused by missing validation of the redirect URL and are commonly abused in phishing attacks.
In a phishing attack, the attacker sends a link that begins with a familiar website but carries a redirect parameter pointing somewhere else.
The user follows the link believing it to be safe, since it starts with a trusted domain, and is then redirected to a malicious site.
This short post explains what an open redirect is, how it works, why it is so risky, and how to avoid it.
It suggests prevention methods such as implementing a redirect allowlist, validating user input, warning users before redirecting, and logging and monitoring redirect activity.
It also advises users not to trust a link at face value but to hover over it and check where it really points.
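As an added example that is not part of the original post, the following Python validator implements the allowlist and input-validation advice above and logs every rejected target for monitoring; the allowed hosts and the `evil.example.net` value are constructed for illustration.

```python
import logging
from urllib.parse import urlsplit, urlunsplit

log = logging.getLogger("redirect")

# Constructed sample allowlist: hosts this application may send users to.
ALLOWED_HOSTS = {"example.com", "accounts.example.com"}
DEFAULT_TARGET = "/"


def _reject(raw, why, default):
    # Logged so that probing of the redirect endpoint shows up in monitoring.
    log.warning("rejected redirect target %r: %s", raw, why)
    return default


def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return a same-site relative path or an https URL on the allowlist,
    otherwise the safe default."""
    if not raw:
        return default
    candidate = raw.strip()
    # Browsers treat backslashes as slashes in http(s) URLs, so normalise first;
    # otherwise "/\evil.example.net" would look like a relative path.
    candidate = candidate.replace("\\", "/")
    if any(ord(ch) < 0x20 or ch.isspace() for ch in candidate):
        return _reject(raw, "control or whitespace character", default)
    parts = urlsplit(candidate)
    if parts.scheme == "" and parts.netloc == "":
        # Relative path: require exactly one leading slash. "//host" and "///host"
        # are protocol-relative forms a browser would resolve to another origin.
        if candidate.startswith("/") and not candidate.startswith("//"):
            return urlunsplit(("", "", parts.path, parts.query, parts.fragment))
        return _reject(raw, "not a rooted relative path", default)
    if parts.scheme.lower() != "https":
        return _reject(raw, "scheme is not https", default)
    # Any userinfo is rejected outright: "https://example.com@evil.example.net"
    # fools the eye while the real host is after the "@".
    if parts.username is not None or parts.password is not None:
        return _reject(raw, "userinfo present", default)
    try:
        port = parts.port
    except ValueError:
        return _reject(raw, "invalid port", default)
    host = parts.hostname  # lowercased, without port
    if host is None or host not in allowed_hosts or port not in (None, 443):
        return _reject(raw, "host not on allowlist", default)
    return candidate
```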