This article is a part of our Web Security Knowledge Base (back to index)

Why “External Redirect” can be dangerous

This is not necessarily a security threat, but can lead to serious vulnerability if not carefully treated. The attacker may use External Redirects to trick users into phishing that replaces the content of the original browser window, e.g. your application, with potentially dangerous content.

How to fix “External Redirect”

There are several things you can do to minimize the danger of “External Redirect”:

Enforce users to click the link by themselves, with clear note that they are leaving your website.

Make sure not to use external data to create redirect URLs.

If possible use a fixed set of variables for creating redirects.

Implement a long waiting time for the redirect.

How does ScanRepeat report “External Redirect”

ScanRepeat verifies if it is possible to override the target of redirect and reports every occurence of such a vulnerability.

Would you like to test your application now against this problem? Sign up for our free trial

Scan Your Web App Now
Scan your application
for 14 days for free

No credit card is required. No commitment.

Sign Up Free