/
web app pentesting
/
server side request forgery ssrf
Menu
Server-side request forgery (SSRF)
Main Ideas
What is SSRF?
Simple Example
SSRF attacks against the server
SSRF attacks against other back-end systems
Obfuscating common SSRF defenses
1. SSRF with blacklist-based input filters
2. SSRF with whitelist-based input filters
3. Bypassing SSRF filters via open redirection
blind SSRF
How to find and exploit blind SSRF vulnerabilities
Finding hidden attack surface for SSRF vulnerabilities
