CSRF & Open Redirects

Cross-site request forgery (CSRF) lets an attacker cause a logged-in user's browser to perform any action that user is allowed to perform, without the user's knowledge or consent (for example, transferring funds, changing the account password, or purchasing and shipping merchandise). The attack works because the browser automatically attaches the victim's session cookie to a request triggered from an attacker-controlled page, so the application cannot tell a forged request from a legitimate one unless it demands something the attacker's page cannot supply, such as an unpredictable token tied to the session. An open redirect occurs when the application forwards the browser to a URL taken from a request parameter without validating it: the user clicks a link that visibly points at the legitimate site, is bounced to the attacker's site, and is then shown a spoof of the official site that convinces them they are still interacting with the real one. This post walks through an example of each and explores Java-specific solutions for CSRF and open redirects.
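The two defences described above, as an added example that is not part of the original post: a synchronizer token that an attacker's page cannot read, compared in constant time, and a redirect validator that only accepts same-site paths or absolute HTTPS URLs whose host is on an allowlist. The class name, the hosts in the allowlist, and the sample requests in `main` are assumptions for illustration; wiring the checks into a servlet Filter or Spring interceptor is left to the application.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Set;

// Hypothetical helper class (not from the original post) showing both guards.
public class CsrfAndRedirectGuards {

    private static final SecureRandom RNG = new SecureRandom();

    // Hosts this application is willing to redirect to; assumed for the example.
    private static final Set<String> ALLOWED_HOSTS = Set.of("example.com", "www.example.com");

    // Synchronizer token pattern: generate once per session, store it server-side,
    // and emit it as a hidden field in every state-changing form. An attacker's page
    // cannot read it (same-origin policy), so a forged cross-site POST lacks it.
    public static String newCsrfToken() {
        byte[] buf = new byte[32];                 // 256 bits of entropy
        RNG.nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    // Compare the session's token with the one submitted in the form.
    // MessageDigest.isEqual is constant-time, so token bytes cannot be guessed
    // one at a time through response timing.
    public static boolean csrfTokenValid(String sessionToken, String submittedToken) {
        if (sessionToken == null || submittedToken == null) {
            return false;                          // missing token: treat as forged
        }
        return MessageDigest.isEqual(sessionToken.getBytes(StandardCharsets.UTF_8),
                                     submittedToken.getBytes(StandardCharsets.UTF_8));
    }

    // Open-redirect guard: return the requested target only if it is a same-site
    // absolute path ("/account") or an HTTPS URL on an allowlisted host; otherwise
    // fall back to a safe default. java.net.URI does the parsing so tricks such as
    // "//evil.example" (protocol-relative), "https://example.com@evil.example"
    // (userinfo), "javascript:" schemes and backslash-mangled paths are rejected.
    public static String safeRedirectTarget(String target, String fallback) {
        if (target == null || target.isEmpty()) {
            return fallback;
        }
        URI uri;
        try {
            uri = new URI(target);
        } catch (URISyntaxException e) {
            return fallback;                       // e.g. "/\\evil.example": illegal characters
        }
        if (uri.getScheme() == null && uri.getAuthority() == null) {
            // Relative reference. "//host" has an authority and does not reach this branch.
            String path = uri.getPath();
            return (path != null && path.startsWith("/")) ? target : fallback;
        }
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            return fallback;                       // http:, javascript:, data:, or no scheme with an authority
        }
        String host = uri.getHost();
        if (host == null || !ALLOWED_HOSTS.contains(host.toLowerCase())) {
            return fallback;                       // evil.example, example.com.evil.example, userinfo tricks
        }
        return target;
    }

    public static void main(String[] args) {
        // Constructed sample flow: the server issues a token at login and stores it in the session.
        String sessionToken = newCsrfToken();

        // Legitimate form submission carries the token from the hidden field.
        System.out.println("legit POST accepted:  " + csrfTokenValid(sessionToken, sessionToken));
        // A cross-site auto-submitting form cannot include it (or guesses wrong).
        System.out.println("forged POST accepted: " + csrfTokenValid(sessionToken, null));
        System.out.println("guessed POST accepted: " + csrfTokenValid(sessionToken, "AAAA"));

        // Constructed redirect targets, e.g. from a "?next=" parameter after login.
        String[] targets = {
            "/account",                               // allowed: same-site path
            "https://www.example.com/orders",         // allowed: allowlisted host
            "https://evil.example/phish",             // rejected: host not allowlisted
            "//evil.example/phish",                   // rejected: protocol-relative
            "https://example.com@evil.example/",      // rejected: userinfo trick, host is evil.example
            "https://example.com.evil.example/",      // rejected: subdomain of attacker's domain
            "javascript:alert(1)",                    // rejected: non-https scheme
            "/\\evil.example"                         // rejected: invalid URI
        };
        for (String t : targets) {
            System.out.printf("%-42s -> %s%n", t, safeRedirectTarget(t, "/"));
        }
    }
}
```

Note that the token check only protects state-changing requests that actually carry a session cookie; pair it with `SameSite` cookie attributes and keep all mutations on POST so that a simple cross-site GET cannot trigger them. For the redirect guard, resist the temptation to "fix" a rejected URL by stripping characters; returning the fallback is the only safe answer.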