What is open redirect? - Definition from WhatIs.com
Part of the Application security glossary:

Open redirect is a security flaw in an app or web page that fails to properly validate the URLs it redirects users to.

When an app or web page takes a URL as input for a redirect, it is supposed to verify that the URL belongs to the intended page's domain. Open redirect is a failure in that check that makes it possible for attackers to steer users to malicious third-party websites. Sites or apps that fail to validate redirect URLs can become a vector for redirects to convincing fake sites used for identity theft, or to sites that install malware.

Normally, redirection is a technique for sending users to a different web page than the URL they requested. Webmasters use redirection for valid reasons, such as handling resources that are no longer available or have moved to a different location. Web users often encounter redirection when they visit the website of a company whose name has changed or which has been acquired by another company.
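As an added example (not part of the WhatIs.com entry), here is the check the definition describes, in Python: a redirect target is accepted only if, after being resolved against the site's own origin, it lands on an allow-listed host; anything else falls back to a safe default. The `example.com` allowlist and the `SAFE_DEFAULT` fallback are constructed for the illustration.

```python
from urllib.parse import urljoin, urlsplit

# Constructed allowlist for this example: the only hosts the app may redirect to.
ALLOWED_HOSTS = {"example.com", "www.example.com"}
SAFE_DEFAULT = "https://example.com/"


def safe_redirect_target(next_url: str, base: str = SAFE_DEFAULT) -> str:
    """Return an absolute URL on an allow-listed host, or SAFE_DEFAULT.

    The open-redirect pattern is `return redirect(request.args['next'])`;
    this function is the validation that pattern is missing.
    """
    if not next_url:
        return SAFE_DEFAULT
    # Reject whitespace and control characters: browsers strip some of them
    # before parsing, so a check that keeps them can disagree with the browser.
    if any(ord(c) < 0x21 for c in next_url):
        return SAFE_DEFAULT
    # Browsers treat '\' like '/', so '/\evil.com' is a protocol-relative URL.
    normalised = next_url.replace("\\", "/")
    # Resolve against our own origin so relative paths stay on our host and
    # '//evil.com' gains its real host before we inspect it.
    resolved = urljoin(base, normalised)
    parts = urlsplit(resolved)
    if parts.scheme not in ("http", "https"):      # blocks javascript:, data:, ...
        return SAFE_DEFAULT
    if parts.username or parts.password:           # 'https://evil.com@example.com'
        return SAFE_DEFAULT
    try:
        parts.port                                 # 'example.com:evil.com' is no port
    except ValueError:
        return SAFE_DEFAULT
    if (parts.hostname or "").lower() not in ALLOWED_HOSTS:
        return SAFE_DEFAULT
    # Hand the *resolved* URL to the redirect, never the raw parameter, so the
    # browser cannot interpret the string differently from this check.
    return resolved


if __name__ == "__main__":
    for candidate in ["/account", "//evil.com/login", "https://evil.com@example.com/p",
                      "javascript:alert(1)", "/\\evil.com", "https://www.example.com/x"]:
        print(f"{candidate!r:36} -> {safe_redirect_target(candidate)}")
```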

The Heartbleed vulnerability, originally reported to be enabled by covert redirects, was eventually discovered to be the result of the less serious -- but still irresponsible -- enabling of open redirect.

This was last updated in July 2014
Contributor(s): Matthew Haughn
Posted by: Margaret Rouse
