
Request Forgery: Open redirection Forgery

Identifier: frontend_open_redirect

Scanner(s) Support

GraphQL Scanner
REST Scanner
WebApp Scanner
ASM Scanner

Description

Open redirection occurs when applications use user input to decide redirect destinations without proper validation, allowing attackers to trick users into visiting malicious websites that appear legitimate, potentially enabling phishing attacks.

How we test: We analyze frontend code and redirect mechanisms to detect if user-controlled input is used for redirects without proper validation. We inject malicious URLs into redirect parameters and check if applications properly validate redirect destinations to prevent open redirect vulnerabilities.
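The following is an added example, not code from the original page or from the scanner itself. It shows the weak pattern the test looks for (a redirect parameter passed straight through) next to a hardened handler that only accepts same-origin destinations, plus a small probe routine of the kind described under "How we test". The origin, the handler names and the probe values are constructed for the example.

```javascript
// Added example: open redirect, vulnerable handler vs. hardened handler,
// with a probe routine that reports which injected values escape the origin.

const APP_ORIGIN = "https://app.example.test"; // constructed sample origin

// Vulnerable pattern: the "next" parameter becomes the Location header as-is,
// so any external URL supplied by the attacker is honoured.
function vulnerableRedirectTarget(nextParam) {
  return nextParam;
}

// Hardened pattern: resolve the candidate against the app origin and only
// accept results that stay on that origin. Protocol-relative (//host),
// backslash tricks (/\host), javascript: and cross-host URLs all fail the
// origin comparison. The result is emitted as a relative path so the
// response never carries an attacker-supplied absolute URL.
function safeRedirectTarget(nextParam, fallback = "/") {
  if (typeof nextParam !== "string" || nextParam.length === 0) return fallback;
  let resolved;
  try {
    resolved = new URL(nextParam, APP_ORIGIN);
  } catch {
    return fallback; // unparsable input
  }
  if (resolved.origin !== APP_ORIGIN) return fallback;
  return resolved.pathname + resolved.search + resolved.hash;
}

// Constructed probe values of the kind a scanner injects into redirect parameters.
const PROBES = [
  "https://attacker.example/",
  "//attacker.example/",
  "/\\attacker.example/",
  "javascript:alert(1)",
  "https://app.example.test.attacker.example/",
];

// Runs every probe through a redirect handler and returns the probes whose
// resulting destination leaves APP_ORIGIN. An empty array means the handler
// validated all of them.
function findOpenRedirects(handler) {
  return PROBES.filter((probe) => {
    let dest;
    try {
      dest = new URL(handler(probe), APP_ORIGIN);
    } catch {
      return false; // handler produced something that is not a URL at all
    }
    return dest.origin !== APP_ORIGIN;
  });
}

module.exports = { APP_ORIGIN, PROBES, vulnerableRedirectTarget, safeRedirectTarget, findOpenRedirects };
```

Note that the comparison is on the full origin, not just the hostname: an `http://app.example.test/...` candidate is rejected as well, and a subdomain-lookalike such as `app.example.test.attacker.example` never matches. Comparing string prefixes (`startsWith("/")` or `includes("app.example.test")`) is the usual way such validators end up bypassable.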

Configuration

Example

Example configuration:

---
security_tests:
  frontend_open_redirect:
    skip: false

Reference

skip

Type : boolean

Skip the test if true.