Browse Definitions :
Definition

open redirect

Contributor(s): Matthew Haughn

Open redirect is a security flaw in an app or a web page that causes it to fail to properly authenticate URLs. 

When apps and web pages have requests for URLs, they are supposed to verify that those URLs are part of the intended page’s domain. Open redirect is a failure in that process that makes it possible for attackers to steer users to malicious third-party websites. Sites or apps that fail to authenticate URLs can become a vector for malicious redirects to convincing fake sites for identity theft or sites that install malware.

Normally, redirection is a technique for shifting users to a different web page than the URL they requested. Webmasters use redirection for valid reasons, such as dealing with resources that are no longer available or have been moved to a different location. Web users often encounter redirection when they visit the Web site of a company whose name has been changed or which has been acquired by another company.

The Heartbleed vulnerability, originally reported to be enabled by covert redirects, was eventually discovered to be the result of the less serious -- but still irresponsible -- enabling of open redirect.

This was last updated in July 2014

Continue Reading About open redirect

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

Dateiendungen und Dateiformate

Gesponsert von:

SearchCompliance

  • Whistleblower Protection Act

    The Whistleblower Protection Act of 1989 is a law that protects federal government employees in the United States from ...

  • smart contract

    A smart contract, also known as a cryptocontract, is a computer program that directly controls the transfer of digital currencies...

  • risk map (risk heat map)

    A risk map, also known as a risk heat map, is a data visualization tool for communicating specific risks an organization faces. A...

SearchSecurity

  • access control

    Access control is a security technique that regulates who or what can view or use resources in a computing environment.

  • ethical hacker

    An ethical hacker, also referred to as a white hat hacker, is an information security expert who systematically attempts to ...

  • two-factor authentication (2FA)

    Two-factor authentication (2FA), sometimes referred to as two-step verification or dual factor authentication, is a security ...

SearchHealthIT

SearchDisasterRecovery

  • virtual disaster recovery

    Virtual disaster recovery is a type of DR that typically involves replication and allows a user to fail over to virtualized ...

  • tabletop exercise (TTX)

    A tabletop exercise (TTX) is a disaster preparedness activity that takes participants through the process of dealing with a ...

  • risk mitigation

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a data center.

SearchStorage

  • Flash Storage

    Flash storage is any type of drive, repository or system that uses flash memory to keep data for an extended period of time.

  • optical disc

    An optical disc is an electronic data storage medium that can be written to and read from using a low-powered laser beam.

  • RAID 0 (disk striping)

    RAID 0 (disk striping) is the process of dividing a body of data into blocks and spreading the data blocks across multiple ...

Close