# Security Test: Open redirection Forgery via Frontend

## Scanner(s) Support

| GraphQL Scanner | REST Scanner | Frontend Scanner |
|---|---|---|
## Description
Default Severity:
Open redirection happens when your app blindly trusts a URL provided by the user and sends them to that address without checking it first. This lets an attacker craft a link that starts on your credible domain but lands the user on a malicious site, which is a typical setup for phishing or other exploits. In short, if user input dictates where users go, you have opened an avenue for someone to redirect them to something harmful. The common mistake is failing to validate or sanitize the URL, so ensure only approved destinations are used.
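The following is an added example, not code from this test's documentation or from the scanner: a browser-side redirect helper showing the trusting pattern the test flags beside a hardened version that resolves a `?next=` value and accepts it only when it is an http(s) URL on an allowlisted origin. `APP_ORIGIN`, `ALLOWED_ORIGINS` and the function names are assumptions for illustration.

```javascript
// Added example (assumed names/origins), not the scanner's own code.
const APP_ORIGIN = "https://app.example.com";
const ALLOWED_ORIGINS = new Set([APP_ORIGIN, "https://sso.example.com"]);
const FALLBACK = "/";

// Vulnerable pattern: the ?next= value is handed to the browser verbatim,
// so a link carrying ?next=https://evil.example takes the user off-site.
function unsafeTarget(nextParam) {
  return nextParam; // would be window.location.assign(nextParam) in a page
}

// Hardened pattern: resolve the parameter against the app origin, then accept
// it only if the result is an http(s) URL whose origin is allowlisted.
function safeTarget(nextParam) {
  if (typeof nextParam !== "string" || nextParam.trim() === "") return FALLBACK;
  let url;
  try {
    url = new URL(nextParam, APP_ORIGIN); // relative paths resolve to APP_ORIGIN
  } catch {
    return FALLBACK; // unparsable input
  }
  // Scheme check rejects javascript:, data:, and other non-web schemes.
  if (url.protocol !== "https:" && url.protocol !== "http:") return FALLBACK;
  // Origin check rejects //evil.example, /\evil.example (backslash is a slash
  // in WHATWG parsing), app.example.com.evil.example and the userinfo trick
  // https://app.example.com@evil.example, since none resolve to an allowed origin.
  if (!ALLOWED_ORIGINS.has(url.origin)) return FALLBACK;
  // Return the normalized absolute URL, not path+query: a pathname of
  // "//evil.example" would otherwise become a protocol-relative redirect.
  url.username = "";
  url.password = "";
  return url.href;
}

// Reads ?next= from a query string such as window.location.search.
function targetFromQuery(search) {
  return safeTarget(new URLSearchParams(search).get("next"));
}
```

In a page the caller would do `window.location.assign(targetFromQuery(window.location.search))`, so every rejected value falls back to the local root instead of leaving the site.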
## Configuration

Identifier: `frontend_request_forgery/open_redirect`
## Examples
All configuration available:
## Compliance and Standards

| Standard | Value |
|---|---|
| OWASP API Top 10 | API3:2023 |
| OWASP LLM Top 10 | LLM02:2023 |
| PCI DSS | 6.5.10 |
| GDPR | Article-32 |
| SOC2 | CC1 |
| PSD2 | Article-97 |
| ISO 27001 | A.14.2 |
| NIST | SP800-53 |
| FedRAMP | AC-4 |
| CWE | 601 |
| CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |