Security Test: Open redirection Forgery
Description
Default Severity:
Open redirection happens when an application uses user-supplied input (typically a `next`, `redirect` or `return_url` parameter) to decide where to send the user, without properly validating that input. An attacker can then craft a link on the legitimate domain that forwards the victim to a malicious site impersonating the real one, which makes phishing far more convincing because the link the victim clicks starts with a domain they trust. Developers need to watch out for simple mistakes such as not validating or sanitizing redirect parameters, since these let attackers abuse the trust users place in the legitimate domain. Left unchecked, this vulnerability erodes user trust and exposes users to phishing and other attacks that start from a seemingly safe link.
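The following is an added example, not code from the original page or from the scanner it documents. It shows a vulnerable login handler that passes the `next` parameter straight into the `Location` header, beside a hardened version that only allows path-relative targets or absolute URLs whose host is on an allow-list. The function names (`vulnerable_login_redirect`, `hardened_login_redirect`, `is_safe_redirect_target`) and the allowed hosts are hypothetical; the sample inputs are constructed and cover the usual bypass shapes (protocol-relative `//host`, userinfo `@` tricks, backslash, non-http schemes).

```python
from urllib.parse import urlsplit

# Hypothetical allow-list of hosts the application may redirect to.
ALLOWED_HOSTS = {"example.com", "app.example.com"}
DEFAULT_LANDING = "/"


def vulnerable_login_redirect(next_param: str) -> str:
    """Vulnerable: the Location header is whatever the caller supplied."""
    return next_param


def is_safe_redirect_target(target: str, allowed_hosts) -> bool:
    """Return True only if `target` is a same-site path or an absolute URL
    on an allowed host. Anything ambiguous is rejected rather than repaired."""
    if not target:
        return False
    # Browsers normalise backslashes, tabs and newlines in surprising ways;
    # reject them outright instead of guessing how they will be parsed.
    if any(ch in target for ch in "\\\r\n\t "):
        return False
    parts = urlsplit(target)
    # Only http(s) may be used as an explicit scheme (blocks javascript:, data:, ...).
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False
    if parts.netloc:
        # `hostname` strips userinfo and port, so "example.com@evil" resolves
        # to the real host "evil" and is compared against the allow-list.
        host = parts.hostname
        return host is not None and host.lower() in allowed_hosts
    # No host part: accept a single-slash path only. "//host" is
    # protocol-relative and would leave the site, so it is rejected.
    return target.startswith("/") and not target.startswith("//")


def hardened_login_redirect(next_param: str, allowed_hosts=ALLOWED_HOSTS) -> str:
    """Hardened: fall back to a fixed landing page for anything not allowed."""
    if is_safe_redirect_target(next_param, allowed_hosts):
        return next_param
    return DEFAULT_LANDING


if __name__ == "__main__":
    # Constructed sample inputs mixing legitimate and malicious targets.
    samples = [
        "/account",
        "https://app.example.com/dashboard",
        "//evil.example.org/phish",
        "https://example.com@evil.example.org/",
        "/\\evil.example.org",
        "javascript:alert(1)",
    ]
    for s in samples:
        print(f"{s!r:45} vulnerable -> {vulnerable_login_redirect(s)!r:45} "
              f"hardened -> {hardened_login_redirect(s)!r}")
```

The check deliberately rejects rather than rewrites suspicious input: normalising a hostile URL is error-prone, while sending the user to a fixed landing page is always safe. Comparing `parts.hostname` (not `netloc`) is what defeats the `trusted.com@attacker.com` form.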
Configuration
Identifier:
request_forgery/open_redirect
Examples
All configuration available:
Compliance and Standards

| Standard | Value |
|---|---|
| OWASP API Top 10 | API3:2023 |
| OWASP LLM Top 10 | LLM02:2023 |
| PCI DSS | 6.5.10 |
| GDPR | Article-32 |
| SOC2 | CC1 |
| PSD2 | Article-97 |
| ISO 27001 | A.14.2 |
| NIST | SP800-53 |
| FedRAMP | AC-4 |
| CWE | 601 |
| CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |