Book Image

Mastering C# and .NET Framework

Book Image

Mastering C# and .NET Framework

Overview of this book

Mastering C# and .NET Framework will take you in to the depths of C# 6.0/7.0 and .NET 4.6, so you can understand how the platform works when it runs your code, and how you can use this knowledge to write efficient applications. Take full advantage of the new revolution in .NET development, including open source status and cross-platform capability, and get to grips with the architectural changes of CoreCLR. Start with how the CLR executes code, and discover the niche and advanced aspects of C# programming – from delegates and generics, through to asynchronous programming. Run through new forms of type declarations and assignments, source code callers, static using syntax, auto-property initializers, dictionary initializers, null conditional operators, and many others. Then unlock the true potential of the .NET platform. Learn how to write OWASP-compliant applications, how to properly implement design patterns in C#, and how to follow the general SOLID principles and its implementations in C# code. We finish by focusing on tips and tricks that you'll need to get the most from C# and .NET. This book also covers .NET Core 1.1 concepts as per the latest RTM release in the last chapter.
Table of Contents (21 chapters)
Mastering C# and .NET Framework
Credits
About the Author
Acknowledgements
About the Reviewer
www.PacktPub.com
Preface
Index

A10 – Invalidated redirects and forwards


Web applications frequently redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages. Without proper validation, attackers can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages.

As you can see in the official definition, the issue here is redirection. Or, to be precise, the issue is redirection in a non secure manner.

The official documentation suggests that the best ways to find out whether some software includes dangerous forwarding of redirects are as follows:

  • Revise the code for any redirection or forwarding (transfer in .NET). Once identified, check whether the target URL is included in any parameter values. In case it is, the target URL is not being validated against a whitelist, and therefore, you are vulnerable.

  • The other possibility is that the site generates redirects, which correspond to HTTP response codes 300-307, and, typically a 302 code....