Open redirects: Easy to detect, Hard to fix
Open redirects are pretty dangerous, not because of their impact but because of how easily they can be hidden. We will be exploring some general tips later on, but first we need to explain what open redirects are.
The best way to do that, in my experience, is by example, so we will again be building a lab and hacking it before we try to secure it. Open redirects happen when the application redirects users but does not check that the user is sent to the proper resource. Instead, no check is done and every malicious…
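As an added illustration (not code from the original post or its lab), the sketch below contrasts a redirect target that is passed through unchecked with one validated against a host allowlist. The function names, `ALLOWED_HOSTS`, and the `lab.example` / `evil.example` hosts are assumptions constructed for this example.

```python
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"lab.example"}  # assumption: the application's own hostname
FALLBACK = "/"                   # where to send the user when the target is rejected


def naive_redirect_target(target):
    """Vulnerable pattern: the user-supplied value becomes the Location header as-is."""
    return target


def safe_redirect_target(target, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return target only if it keeps the user on this site, otherwise the fallback."""
    # Reject empty values and control characters (header injection, parser confusion).
    if not target or any(ord(c) < 0x20 or c == "\x7f" for c in target):
        return fallback
    # Browsers treat "\" like "/", so "/\host" is read as the scheme-relative "//host".
    if "\\" in target:
        return fallback
    try:
        parts = urlsplit(target)
        host = parts.hostname  # lower-cased, with userinfo and port stripped
    except ValueError:
        return fallback
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative URL: require http(s) and an allowlisted host.
        if parts.scheme in ("http", "https") and host in allowed_hosts:
            return target
        return fallback
    # Relative URL: accept only a path rooted at this site.
    if target.startswith("/") and not target.startswith("//"):
        return target
    return fallback


# Constructed sample inputs: values a "next"-style parameter might carry.
REJECTED_SAMPLES = [
    "https://evil.example/login",
    "//evil.example/login",
    "/\\evil.example/login",
    "https://lab.example@evil.example/",
    "https://lab.example.evil.example/",
    "https:evil.example",
    "javascript:alert(1)",
]

if __name__ == "__main__":
    for sample in ["/account?tab=1", "https://lab.example/home"] + REJECTED_SAMPLES:
        print(f"{sample!r:45} -> {safe_redirect_target(sample)!r}")
```

Comparing the parsed hostname for exact equality, rather than checking that the string starts with or contains the trusted name, is what defeats the `lab.example@evil.example` and `lab.example.evil.example` forms.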