Dive into the dynamic world of Server-Side Request Forgery (SSRF) with our immersive course designed for developers and security experts. Master attacking and defending against SSRF vulnerabilities through interactive, hands-on modules that blend practical labs and real-world scenarios.
In the Attack modules, you'll explore and exploit SSRF vulnerabilities, learning to manipulate server requests for unauthorized data access. The Defense modules pivot to securing applications, focusing on input validation, access controls, and network defenses to shield against SSRF threats.
The course culminates with the Challenge module, testing your skills in both offense and defense through complex scenarios. Equip yourself with the expertise to identify vulnerabilities and fortify defenses, making you a pivotal player in the cybersecurity field.
Introduction
Learning Objectives
Why Does SSRF Happen
Example of an SSRF
Attacking and Defending against SSRF
Attack:
What is Server-Side Request Forgery (SSRF)?
SSRF attacks unfold in the following manner
Impact of Server-Side Request Forgery (SSRF)
Exploitation of Server-Side Request Forgery (SSRF) Towards Cloud Providers
Let us start our DIY Attack Lab -> A guide for users to start their lab
An attack lab showcasing external endpoint impact
An attack lab showcasing internal endpoint impact
Vulnerable code investigation
Defense:
Defending the vulnerable application against this attack
Challenge: SSRF