Puma Scan is a software security Visual Studio extension that provides real-time, continuous source code analysis as development teams write code. Vulnerabilities are immediately displayed in the development environment as spell check and compiler warnings, preventing security bugs from entering your applications.
Great find by the @absoluteappsec folks. Flag redirects that pass false into the 2nd parameter. Redirects are typically used in older web forms projects for custom authorization. It's interesting that the documentation actually says to use "false" to improve performance.
Setting false will allow execution to continue after the redirect line is executed, and responses will include the view's data. E.g., a redirect to login on an admin page that has sensitive info, revealing additional admin endpoints, which can also be invoked if the same line exists in those admin endpoints.
https://docs.microsoft.com/en-us/dotnet/api/system.web.httpresponse.redirect?view=netframework-4.7.2
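
One way to implement the check requested above, written as a Roslyn analyzer (an added example, not Puma Scan's own rule code). The class name, rule id and message are hypothetical, and matching `System.Web.HttpResponseBase` as well goes beyond the Web Forms case in the post.

```csharp
using System.Collections.Immutable;
using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.Diagnostics;
using Microsoft.CodeAnalysis.Operations;

// Flags calls such as: Response.Redirect("~/Login.aspx", false);
[DiagnosticAnalyzer(LanguageNames.CSharp)]
public sealed class RedirectWithoutEndResponseAnalyzer : DiagnosticAnalyzer
{
    // Hypothetical rule id and wording, chosen for this example only.
    private static readonly DiagnosticDescriptor Rule = new DiagnosticDescriptor(
        id: "EXAMPLE001",
        title: "Redirect does not end the response",
        messageFormat: "Redirect is called with endResponse set to false, so the code after it still runs",
        category: "Security",
        defaultSeverity: DiagnosticSeverity.Warning,
        isEnabledByDefault: true);

    public override ImmutableArray<DiagnosticDescriptor> SupportedDiagnostics => ImmutableArray.Create(Rule);

    public override void Initialize(AnalysisContext context)
    {
        context.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.None);
        context.EnableConcurrentExecution();
        context.RegisterOperationAction(AnalyzeInvocation, OperationKind.Invocation);
    }

    private static void AnalyzeInvocation(OperationAnalysisContext context)
    {
        var call = (IInvocationOperation)context.Operation;
        var method = call.TargetMethod;
        var owner = method.ContainingType?.ToDisplayString();
        // Match by resolved symbol, not by text, so unrelated Redirect methods are ignored.
        if (method.Name != "Redirect" ||
            (owner != "System.Web.HttpResponse" && owner != "System.Web.HttpResponseBase"))
            return;

        foreach (IArgumentOperation arg in call.Arguments)
        {
            // Bind by parameter name so named or reordered arguments are still caught.
            if (arg.Parameter?.Name != "endResponse") continue;
            // Only a compile-time constant false is reported; a variable is not tracked.
            var value = arg.Value.ConstantValue;
            if (value.HasValue && value.Value is bool endResponse && !endResponse)
                context.ReportDiagnostic(Diagnostic.Create(Rule, arg.Syntax.GetLocation()));
        }
    }
}
```

The diagnostic is placed on the `false` argument itself, so the warning underlines the exact value to review.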