What is Server Side Request Forgery?

Server side request forgery is one of the web vulnerabilities which allows an attacker to use the backend server to make unintended requests to the internal systems. This way an attacker can gain access to the internal systems which are blocked by firewalls, if the application uses a cloud platform like AWS then a vulnerable application can result in the attacker accessing the metadata instances which has a lot of juicy information such as security keys of IAM roles etc.

Read more Server Side Request Forgery — SSRF

4 Likes