[Application security] How to conduct server-side request forgery (SSRF)

Takahiro Oda

10 min readJan 18, 2022

What we will do in this article

1: set up an initial environment using Docker

2: conduct server-side request forgery (SSRF)

What is server-side request forgery (SSRF)?

A10 Server Side Request Forgery (SSRF) - OWASP Top 10:2021

This category is added from the Top 10 community survey (#1). The data shows a relatively low incidence rate with above…

owasp.org

SSRF flaws occur whenever a web application is fetching a remote resource without validating the user-supplied URL. It allows an attacker to coerce the application to send a crafted request to an unexpected destination, even when protected by a firewall, VPN, or another type of network access control list (ACL).
As modern web applications provide end-users with convenient features, fetching a URL becomes a common scenario. As a result, the incidence of SSRF is increasing. Also, the severity of SSRF is becoming higher due to cloud services and the complexity of architectures.

https://portswigger.net/web-security/ssrf

How to Prevent

From Network layer

Segment remote resource access…

[Application security] How to conduct server-side request forgery (SSRF)

What we will do in this article

What is server-side request forgery (SSRF)?

A10 Server Side Request Forgery (SSRF) - OWASP Top 10:2021

This category is added from the Top 10 community survey (#1). The data shows a relatively low incidence rate with above…

How to Prevent

From Network layer

Written by Takahiro Oda