From the course: Learning the OWASP Top 10


Server-side request forgery (SSRF)


- [Instructor] The 10th and final item in the 2021 OWASP Top 10 is Server-Side Request Forgery, also known as SSRF. OWASP says, "SSRF flaws allow an attacker to coerce the application to send a crafted request to an unexpected destination." When SSRF is present in a web application, attackers can send requests while pretending to be the victim server. Because the server is a trusted entity, these requests may result in access to sensitive and administrative functions like internal API calls and database queries. SSRF can occur when servers send requests to fetch external resources; this is normal behavior, for example when a web app needs to display a graphic that is stored somewhere else. However, to prevent SSRF, an only-allowed or not-allowed list should be enforced. If you know that legitimate external resources are coming from a specific location, then you can allow only that IP…
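The allow-list control the instructor describes, written out as an added Python example (not code from the course or from OWASP). It assumes a hypothetical application whose only legitimate external sources are `images.example.com` and `cdn.example.net`; the host names, the `FAKE_DNS` table and the candidate URLs are all constructed so the example runs offline. The validator layers the allow list (scheme, host, port) with a "not-allowed" check that every address the host resolves to is publicly routable, which is what stops a legitimate-looking name from pointing the server at its own internal network.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Hypothetical allow list: the only external hosts this application may fetch
# resources from. Assumed names for the example, not from the course.
ALLOWED_HOSTS = {"images.example.com", "cdn.example.net"}
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {None, 80, 443}  # None means the scheme's default port


def resolve_host(hostname):
    """Resolve a hostname to every address it maps to, using the system resolver."""
    infos = socket.getaddrinfo(hostname, None)
    return [ipaddress.ip_address(info[4][0]) for info in infos]


def is_public_address(addr):
    """The 'not-allowed' half: reject loopback, private, link-local and other non-routable ranges."""
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so the IPv4 range checks still apply.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def validate_outbound_url(url, resolver=resolve_host):
    """Return (hostname, addresses) if the URL passes every check, else raise ValueError.

    Checks, in order: scheme allow list, no userinfo, host allow list, port
    allow list, and finally every resolved address must be publicly routable.
    """
    parsed = urlparse(url)
    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parsed.scheme!r}")
    # 'user@host' syntax lets an allowed name appear in the URL while the real host differs.
    if parsed.username is not None or parsed.password is not None:
        raise ValueError("userinfo in URL is not allowed")
    host = parsed.hostname  # already lower-cased by urlparse
    if host is None or host not in ALLOWED_HOSTS:
        raise ValueError(f"host not on allow list: {host!r}")
    try:
        port = parsed.port
    except ValueError as exc:
        raise ValueError("malformed port") from exc
    if port not in ALLOWED_PORTS:
        raise ValueError(f"port not allowed: {port}")
    addresses = resolver(host)
    if not addresses:
        raise ValueError("host did not resolve")
    for addr in addresses:
        if not is_public_address(addr):
            raise ValueError(f"{host} resolves to non-public address {addr}")
    return host, sorted(str(a) for a in addresses)


def is_safe_url(url, resolver=resolve_host):
    """Boolean convenience wrapper around validate_outbound_url."""
    try:
        validate_outbound_url(url, resolver)
        return True
    except ValueError:
        return False


# Constructed DNS table so the example runs offline; real deployments use resolve_host.
FAKE_DNS = {
    "images.example.com": ["93.184.216.34"],
    "cdn.example.net": ["93.184.216.34", "10.0.0.5"],  # one internal record: whole host is rejected
}


def fake_resolver(hostname):
    """Offline stand-in for resolve_host backed by the constructed FAKE_DNS table."""
    return [ipaddress.ip_address(ip) for ip in FAKE_DNS.get(hostname, [])]


if __name__ == "__main__":
    for candidate in [
        "https://images.example.com/logo.png",
        "https://cdn.example.net/style.css",
        "http://internal-service.test/",
        "https://images.example.com@internal-service.test/",
        "https://images.example.com:8080/",
        "file:///etc/hosts",
    ]:
        verdict = "allowed" if is_safe_url(candidate, fake_resolver) else "rejected"
        print(f"{candidate:50} -> {verdict}")
```

Two design points: the function returns the resolved addresses so the caller can connect to exactly the address that was checked (resolving a second time inside the HTTP client would let the answer change between check and use), and a host is rejected if any of its records is non-public, since the client may pick any of them.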
