Martín Obiols

Random InfoSec Rants

[SLIDES] Security Implications of Open Redirects

12 Sep 2013 » web, appsec, slides

Security & Open Redirects

So the Open Redirects debate always comes back again and again across security rooms. I often dig the claim that these should not get real attention since they hardly get used beyond PoCs, but there are still some situations in which they can become a real issue.

Having read a lot lately about hacks making use of open redirectors to accomplish all sorts of cool vuln chaining, I decided to tie up all my loose thoughts in a deck of slides, in the hopes that it can serve as a reference for the current and actual impact of delivering arbitrary redirects to your users.