all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

OWASP API7:2023 Server Side Request Forgery(SSRF)

Add to bookmarks
Feb. 15, 2024, noon | Panchanan Panigrahi

DEV Community dev.to

Server-Side Request Forgery (SSRF) flaws occur when an API is fetching a remote resource without validating the user-supplied URL. It enables an attacker to coerce the application to send a crafted request to an unexpected destination, even when protected by a firewall or a VPN.





SSRF in Modern Application 🚀



Modern concepts in application development make SSRF more common and more dangerous.


More common - the following concepts encourage developers to access an external resource based on user input: Webhooks, …

api application attacker beginners coerce concepts cybersecurity devsecops firewall flaws forgery owasp request resource send server server side server-side request forgery ssrf url vpn

Visit resource

More from dev.to / DEV Community

How to Get a Free Custom Domain 2 hours ago | dev.to
article branding can custom +16
Rebuilding TensorFlow 2.8.4 on Ubuntu 22.04 to patch vulnerabilities 2 hours ago | dev.to
ai amp context critical +17
Keyoxide Identity Proof 3 hours ago | dev.to
claim control dev fingerprint +5
Keyoxide/Ariadne Identity Verification 4 hours ago | dev.to
account control dev fingerprint +7
Unleash The Power of Azure: Creating A Linux VM with SSH keys Security. 5 hours ago | dev.to
access azure cloud cloudengineering +22
Use CloudFlare Workers and D1 to Create a Completely Free CRUD API 6 hours ago | dev.to
api backenddevelopment cdn cloud +24
IOT Raspberry Pi using Azure 7 hours ago | dev.to
above account azure azurefunctions +16
Build a password manager with Rust - Part 2 16 hours ago | dev.to
application article build can +13
Security Features in Push Protocol: Ensuring Safe Communication 16 hours ago | dev.to
applications blockchain communication dapps +13

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia
View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)
View on infosec-jobs.com