Tag: OWASP 2010 A10 – Unvalidated Redirects and Forwards
OWASP A10 – Unvalidated Redirects and Forwards with PHP
This is going to be a pretty short post. There are no directly associated ASVS requirements for OWASP A10. The closest ASVS requirement is 4.2: “Verify that users can only access URLs for which they possess specific authorization,” which will be covered in this post. The risk here is that an unvalidated redirect that accepts…