As a tool it may be used to make sure redirects are safe. A piece of advice from OWASP is that if you use redirects that pass a parameter saying where to redirect to, that parameter should find a dance partner in a lookup table and should not be interpreted literally. The parameter should be a key, and the dance partner the thing that powers the redirect.
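The lookup-table advice above, as an added Python example that is not from the original post: the weak form uses the parameter as the destination, the hardened form treats it only as a key. The parameter name `to`, the table entries and the function names are assumptions made for illustration.

```python
from urllib.parse import parse_qs

# Hypothetical lookup table: the request carries only the key,
# the server owns the destination (the "dance partner").
REDIRECT_TARGETS = {
    "home": "/",
    "docs": "/help/index.html",
    "partner": "https://partner.example/welcome",
}
DEFAULT_TARGET = "/"


def literal_redirect(query_string):
    """Weak form: the parameter value is used as the destination as-is."""
    params = parse_qs(query_string)
    return params.get("to", [DEFAULT_TARGET])[0]


def keyed_redirect(query_string):
    """Hardened form: the parameter is only a key into REDIRECT_TARGETS."""
    params = parse_qs(query_string)
    keys = params.get("to", [])
    # A missing or repeated parameter falls back to the default
    # instead of guessing which value counts.
    if len(keys) != 1:
        return DEFAULT_TARGET
    # Unknown keys, including full URLs, never reach the Location header.
    return REDIRECT_TARGETS.get(keys[0], DEFAULT_TARGET)


def response_for(query_string):
    """Build the (status, headers) pair a request handler would send."""
    return "302 Found", [("Location", keyed_redirect(query_string))]


if __name__ == "__main__":
    # Constructed sample query strings.
    samples = ("to=docs", "to=https://untrusted.example/login",
               "to=docs&to=partner", "")
    for qs in samples:
        print(repr(qs), "->", literal_redirect(qs), "|", keyed_redirect(qs))
```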