Browse Definitions :
Definition

open redirect

Contributor(s): Matthew Haughn

Open redirect is a security flaw in an app or a web page that causes it to fail to properly authenticate URLs. 

When apps and web pages have requests for URLs, they are supposed to verify that those URLs are part of the intended page’s domain. Open redirect is a failure in that process that makes it possible for attackers to steer users to malicious third-party websites. Sites or apps that fail to authenticate URLs can become a vector for malicious redirects to convincing fake sites for identity theft or sites that install malware.

Normally, redirection is a technique for shifting users to a different web page than the URL they requested. Webmasters use redirection for valid reasons, such as dealing with resources that are no longer available or have been moved to a different location. Web users often encounter redirection when they visit the Web site of a company whose name has been changed or which has been acquired by another company.

The Heartbleed vulnerability, originally reported to be enabled by covert redirects, was eventually discovered to be the result of the less serious -- but still irresponsible -- enabling of open redirect.

This was last updated in July 2014

Continue Reading About open redirect

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCompliance

  • risk assessment

    Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.

  • PCI DSS (Payment Card Industry Data Security Standard)

    The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to ...

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

SearchSecurity

SearchHealthIT

  • telemedicine (telehealth)

    Telemedicine is the remote delivery of healthcare services, such as health assessments or consultations, over the ...

  • Project Nightingale

    Project Nightingale is a controversial partnership between Google and Ascension, the second largest health system in the United ...

  • medical practice management (MPM) software

    Medical practice management (MPM) software is a collection of computerized services used by healthcare professionals and ...

SearchDisasterRecovery

SearchStorage

  • hot plugging

    Hot plugging is the addition of a component to a running computer system without significant interruption to the operation of the...

  • M.2 SSD

    An M.2 SSD is a solid-state drive (SSD) that conforms to a computer industry specification and is used in internally mounted ...

  • kilobyte (KB or Kbyte)

    A kilobyte (KB or Kbyte) is a unit of measurement for computer memory or data storage used by mathematics and computer science ...

Close