LAB 304 – Defending Node.js Applications Against Open Redirect (NEW)

Course Overview

Open Redirect vulnerabilities arise when applications redirect a user’s browser to a URL based on unverified GET request parameters provided to the application. While the user believes they are being redirected to a legitimate website, an Open Redirect vulnerability allows the attacker to lead them to a malicious website. To avoid or address Open Redirect vulnerabilities, you can use allow lists or lookup tables to determine the destinations of redirects, show a warning page before redirecting users to external URLs, or remove the redirect functionality from your application. This Defending Node.js Applications Against Open Redirect Skill Lab offers a virtual environment that includes a vulnerable application and its complete source code to train developers on identifying and addressing Open Redirect vulnerabilities.

After completing this lab, the learner will understand how to defend Node.js applications against open redirect vulnerabilities by receiving hands-on experience testing for these vulnerabilities and implementing a suitable mitigation.