SSRF Vulnerability From a Developer’s Perspective
Introduction
The OWASP Top 10 gives users a list of vulnerabilities in the field of application security. The list is prepared based on the severity of the occurrence of an attack, and SSRF is one of its entries. SSRF attacks are mostly high severity: with this attack, an attacker can fetch many details from the server, such as the version of the protocol in use, and can access files on the server that might contain sensitive information. If credentials are leaked, these files can also be used to take control of the server. There are multiple methods of SSRF exploitation, but the main aim of the attacker is to bypass firewall restrictions in order to access internal systems and networks.
What are SSRF/Server-Side Request Forgery attacks?
In this attack, an attacker can force a server to execute a malicious request on a third-party server or an internal server. Sometimes an attacker has only limited or partial control over the server, as many internal services are not exposed to external users. If a user redirects a request through their server, it might bypass the internal server…