Server-Side Request Forgery (SSRF) is a serious vulnerability class that has risen to prominence in recent years and was added to the OWASP Top 10 in 2021 as its own category (A10:2021).
An attacker exploiting SSRF supplies a URL, or part of one, that the vulnerable web application fetches on the attacker's behalf. The server becomes a proxy that reaches internal services, cloud metadata endpoints and other sensitive hosts the attacker cannot reach directly, and it often returns their responses as well. Today it is leveraged extensively by attackers in real-world breaches against web applications.
In this training, we’re going to explore real-world examples of SSRF from an attack and defense perspective. We start by learning the history and impact of SSRF, and the various types of attacks that can be performed with it.
Our hands-on labs take you through a gamut of SSRF attacks through HTTP client libraries, library-based attacks with Weasyprint, and more. We’ll also learn to defend against SSRF by attacking and then securing a Go web app.
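To make the attack pattern described above concrete, here is an added example (written for this page, not code from the training labs) in Python's urllib, the client the first lab covers: a "fetch this URL for me" feature in its vulnerable form next to a hardened one. The hostnames, the fake DNS table and the addresses are constructed fixtures; the `resolver` parameter is an assumption of this example so the check can be exercised without network access.

```python
"""Added example: an SSRF-vulnerable URL fetcher next to a hardened one.
Written for this page; not code from the training labs. Hostnames,
addresses and the FAKE_DNS table below are constructed fixtures."""
import ipaddress
import socket
import urllib.parse
import urllib.request

ALLOWED_SCHEMES = {"http", "https"}


def fetch_vulnerable(url: str) -> bytes:
    """The bug: the server fetches whatever URL the client supplies.

    http://169.254.169.254/latest/meta-data/, http://127.0.0.1:6379/,
    http://10.0.0.5/admin and file:///etc/passwd are all accepted, and
    urllib follows redirects, so a public URL that 302s to an internal
    address is fetched too.
    """
    with urllib.request.urlopen(url, timeout=5) as resp:
        return resp.read()


# Explicit denylist on top of ipaddress.is_global: loopback, RFC 1918,
# CGNAT, link-local (includes 169.254.169.254), multicast, reserved.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
    "240.0.0.0/4", "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]


def is_public_ip(ip_str: str) -> bool:
    """True only for globally routable unicast addresses.

    IPv4-mapped IPv6 (::ffff:127.0.0.1) is unwrapped first so it cannot
    be used to smuggle an IPv4 address past the IPv4 rules.
    """
    ip = ipaddress.ip_address(ip_str)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip.is_multicast or not ip.is_global:
        return False
    return not any(ip in net for net in BLOCKED_NETWORKS)


def resolve(host: str) -> list:
    """Every address the host resolves to; the check must cover all of them."""
    try:
        return [str(ipaddress.ip_address(host))]  # literal IP: no DNS needed
    except ValueError:
        pass
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def check_target(url: str, resolver=resolve) -> list:
    """Validate a client-supplied URL before the server fetches it.

    Returns the resolved addresses or raises ValueError saying why the URL
    was rejected. `resolver` is injectable so the check is testable offline.
    """
    parts = urllib.parse.urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo not allowed")  # http://trusted.example@evil/
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    ips = resolver(host)
    if not ips:
        raise ValueError(f"{host!r} does not resolve")
    bad = [ip for ip in ips if not is_public_ip(ip)]
    if bad:
        raise ValueError(f"{host!r} resolves to non-public address(es): {bad}")
    return ips


class NoRedirects(urllib.request.HTTPRedirectHandler):
    """Refuse 3xx responses: urllib then raises HTTPError instead of
    following a redirect that could point at an internal address."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


_opener = urllib.request.build_opener(NoRedirects)


def fetch_hardened(url: str) -> bytes:
    check_target(url)
    with _opener.open(url, timeout=5) as resp:
        return resp.read()


# Constructed DNS table so the check can be demonstrated without network.
FAKE_DNS = {
    "example.org": ["93.184.216.34"],
    "metadata.internal": ["169.254.169.254"],
    "rebind.attacker.example": ["93.184.216.34", "10.0.0.5"],
}


def fake_resolver(host: str) -> list:
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    for u in ("http://example.org/", "http://metadata.internal/latest/meta-data/",
              "http://127.0.0.1:6379/", "http://[::1]/", "file:///etc/passwd",
              "http://example.org@metadata.internal/", "http://rebind.attacker.example/"):
        try:
            print(u, "->", check_target(u, resolver=fake_resolver))
        except ValueError as e:
            print(u, "rejected:", e)
```

Two caveats a reviewer would raise. First, validating the name and then letting urllib resolve it again leaves a DNS rebinding window between check and connect; closing it means connecting to the validated IP and supplying the original Host header (and SNI for HTTPS) yourself. Second, an allowlist of the few hosts the feature genuinely needs is stronger than any denylist of address ranges; the denylist here is the fallback for features that must accept arbitrary public URLs.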
SSRF Urllib - Python
Weasyprint SSRF - Python
Docx XXE - Python
Go SSRF Attack and Defense