Talk:Top 10 2010-A10-Unvalidated Redirects and Forwards

From OWASP
Revision as of 15:17, 1 June 2011 by Jweiler (Talk | contribs)

I don't understand the technical difference between the 2 scenarios.

Q1. The first says '...redirects users...'; the second says '...uses forward to route requests ...'. Are these both 3xx responses?

Q2. If the app uses the parameter value to go to a site-relative URL, are you saying that is inherently risky because the app may not perform any further validation?