An abuse of trust: Potential security issues with open redirects. [Research Saturday]

Guest Mike Benjamin, VP of Security Research at Fastly, joins Dave Bittner to talk about the Fastly Security Research Team's work on "Open redirects: real-world abuse and recommendations." Open URL redirection is a class of web application security problems that makes it easier for attackers to direct users to malicious resources. This vulnerability class, also known as “open redirects,” arises when an application allows attackers to pass information to the app that results in users being sent to another location. That location can be an attacker-controlled website or server used to distribute malware, trick a user into trusting a link, execute malicious code in a trusted way, drive ad fraud, or even perform SEO manipulation. Knowing how an open redirect can be abused is helpful — but knowing how to design around it in the first place is even more important. Mike walks us through what his team uncovered, explains how redirects are used, how they can be abused, and how you can prevent that abuse. The research can be found here: Open redirects: real-world abuse and recommendations