<div>
I have no problem using search, but what to search for? Are those two terms, &quot;redirect&quot; and &quot;window.location&quot;, comprehensive? Can you think of others to search for as well?<br />
<br />
You used &quot;etc&quot; and I am trying to unearth additional words I can search for.<br />
<br />
For example, I just found the following I can search for to get a URL that needs to be sanitized...<br />
<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; var returnUrl = context.HttpContext.Reques<wbr />t.RawUrl;
</div>


I have no problem using search, but what to search for? Are those two terms, "redirect" and "window.location", comprehensive? Can you think of others to search for as well?

You used "etc" and I am trying to unearth additional words I can search for.

For example, I just found the following I can search for to get a URL that needs to be sanitized...

            var returnUrl = context.HttpContext.Request.RawUrl;

<div>
<div class="content wysiwyg-content">
Need to find Redirects throughout multiple solutions so I can check for evil domains.<br />
<br />
I have designed the code to parse through a URL to find if a domain is not on a white list. But I need to check more than just the LogOn() function.<br />
<br />
How do I scan an entire C#.NET MVC solution to find the places where redirects take place and which could create the need to examine the URL for malicious domains...<br />
<br />
I will search for &quot;redirect&quot; and &quot;window.location,&quot; in all Javascript files. But I see the following...<br />
<br />
What do you suggest about how to find which calls need to have this malicious domain check?<br />
<br />
Thanks
</div>
</div>


Need to find Redirects throughout multiple solutions so I can check for evil domains.

I have designed the code to parse through a URL to find if a domain is not on a white list. But I need to check more than just the LogOn() function.

How do I scan an entire C#.NET MVC solution to find the places where redirects take place and which could create the need to examine the URL for malicious domains...

I will search for "redirect" and "window.location," in all Javascript files. But I see the following...

What do you suggest about how to find which calls need to have this malicious domain check?

Thanks

Searching my .NET Solution for spots which need a returnURL vulnerability check

The successor to Active Server Pages, ASP.NET websites utilize the .NET framework to produce dynamic, data and content-driven web applications and services. ASP.NET code can be written using any .NET supported language. As of 2009, ASP.NET can also apply the Model-View-Controller (MVC) pattern to web applications

ASP.NET

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Vulnerabilities

The .NET Framework is not specific to any one programming language; rather, it includes a library of functions that allows developers to rapidly build applications. Several supported languages include C#, VB.NET, C++ or ASP.NET.

.NET Programming

JavaScript is a dynamic, object-based language commonly used for client-side scripting in web browsers. Recently, server side JavaScript frameworks have also emerged. JavaScript runs on nearly every operating system and  in almost every mainstream web browser.

JavaScript

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.