updating description with owasp 2013 description

This commit is contained in:
Michael McCabe
2013-11-12 13:55:24 -05:00
parent 64f2ad9f9e
commit cf1b5dc124
@@ -17,7 +17,8 @@
<div class="accordion-body in collapse" id="collapseOne" style="height: auto;">
<div class="accordion-inner">
<p class="desc">
OWASP Description - Web applications frequently redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages. Without proper validation, attackers can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages.
Applications frequently redirect users to other pages, or use internal forwards in a similar manner. Sometimes the target page is specified in an unvalidated parameter, allowing attackers to choose the destination page.
Detecting unchecked redirects is easy. Look for redirects where you can set the full URL. Unchecked forwards are harder, because they target internal pages.
</p>
<p class="desc">
Railsgoat allows the redirection to the paths previously requested but for which the user did not have access. Following authentication, the user is redirected.
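Review bot: The three OWASP paragraphs added inside the first `<p class="desc">` (the "OWASP Description - ..." line through "Detecting unchecked redirects is easy...") sit on separate source lines but share one `<p>`, so HTML whitespace collapsing will render them as a single run-on paragraph; give each its own `<p class="desc">` or separate them with `<br>`. Since the commit message says this is the OWASP 2013 wording, the paragraph should also say so explicitly and cite the source rather than only the "OWASP Description -" prefix, for example `<p class="desc"><strong>OWASP Top 10 2013 description:</strong> Web applications frequently redirect ...</p>`. Finally, the Railsgoat-specific sentence "allows the redirection to the paths previously requested but for which the user did not have access" is hard to parse; state in one sentence what is stored, when the redirect happens (the next sentence says after authentication) and that the target is not validated, which is the point the OWASP text above it makes.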