all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

OWASP API7:2023 Server Side Request Forgery(SSRF)

Add to bookmarks
Feb. 15, 2024, noon | Panchanan Panigrahi

DEV Community dev.to

Server-Side Request Forgery (SSRF) flaws occur when an API is fetching a remote resource without validating the user-supplied URL. It enables an attacker to coerce the application to send a crafted request to an unexpected destination, even when protected by a firewall or a VPN.





SSRF in Modern Application 🚀



Modern concepts in application development make SSRF more common and more dangerous.


More common - the following concepts encourage developers to access an external resource based on user input: Webhooks, …

api application attacker beginners coerce concepts cybersecurity devsecops firewall flaws forgery owasp request resource send server server side server-side request forgery ssrf url vpn

Visit resource

More from dev.to / DEV Community

What is Container Scanning? an hour ago | dev.to
adversaries application application development applications +21
We just raised our $17 million Series A 2 hours ago | dev.to
big board capital connect +9
Answer: ImportError: No module named xgboost 3 hours ago | dev.to
check control download environment +7
Zen of debugging: 5 tips for beginners 3 hours ago | dev.to
article beginners best practices career +17
Enhancing security for Lambda function URLs 5 hours ago | dev.to
access access control aws cloudfront +14
Linux Basics: A Clear Guide to Getting Started 6 hours ago | dev.to
basics can clear cloud +14
Exploring the Power of Zero Trust Authentication 6 hours ago | dev.to
authentication beacon chaos cyber +18
10 Best Websites for practicing Data Structures and Algorithms (DSA): 9 hours ago | dev.to
algorithms array cases code +16
Why Switching From Notion to Obsidian Might Be Your Best Productivity Hack Ever! 10 hours ago | dev.to
applications can digital efficiency +17

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Associate Manager, BPT Infrastructure & Ops (Security Engineer)

@ SC Johnson | PHL - Makati
View on infosec-jobs.com

Cybersecurity Analyst - Project Bound

@ NextEra Energy | Jupiter, FL, US, 33478
View on infosec-jobs.com

Lead Cyber Security Operations Center (SOC) Analyst

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com

Junior Information Security Coordinator (Internship)

@ Garrison Technology | London, Waterloo, England, United Kingdom
View on infosec-jobs.com

Sr. Security Engineer

@ ScienceLogic | Reston, VA
View on infosec-jobs.com
View more jobs