From the course: The OWASP API 2023 Top 10: An Overview
API7:2023 Server-Side Request Forgery
- [Davin] Number 7 on the OWASP API Top 10 is Server-Side Request Forgery, another new but necessary addition to the top 10. OWASP says, "Server-side request forgery, or SSRF, flaws can occur when an API is fetching a remote resource without validating the user-supplied URI. This enables an attacker to coerce the application to send a crafted request to an unexpected destination, even when protected by a firewall or a VPN." Now, I know that may sound confusing and intimidating. It even took me a while to fully understand this vulnerability when I learned it. But don't worry, I'm here to break it down for you. The important thing to keep in mind when it comes to Server-Side Request Forgery, or SSRF, is that this vulnerability can be really, really bad as it allows attackers to manipulate the application's API and make unintended requests to both internal and external resources. The consequences of an SSRF attack can be very…
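As an added example (not code from the course or from OWASP), the kind of guard an API should apply before it fetches any user-supplied URL: only the `http`/`https` schemes, only hosts on a hypothetical allowlist, and only names that resolve to public addresses, so the server cannot be coerced into reaching internal resources. The allowlist, the `resolver` parameter and the sample DNS table are assumptions made for the demonstration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical allowlist of remote hosts this API is permitted to fetch from (assumption).
ALLOWED_HOSTS = {"images.example.com", "cdn.example.com"}


def resolve_with_dns(host):
    """Default resolver: every A/AAAA address the system resolver returns for host."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_public_ip(ip_str):
    """True only for globally routable addresses; loopback, RFC 1918,
    link-local, multicast and reserved ranges all return False."""
    ip = ipaddress.ip_address(ip_str)
    return ip.is_global and not ip.is_multicast


def validate_fetch_url(url, resolver=resolve_with_dns):
    """Return (ok, reason). Run this before the server makes any outbound request.

    Every resolved address is checked, not just the first, so a name that is
    allowlisted but points (or is later re-pointed) at an internal address is
    still refused. The caller should connect to the address validated here
    rather than resolving the name a second time."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL"
    host = parts.hostname
    if not host:
        return False, "no host"
    if host not in ALLOWED_HOSTS:
        return False, "host not on allowlist"
    try:
        addrs = resolver(host)
    except (socket.gaierror, OSError):
        return False, "resolution failed"
    if not addrs or not all(is_public_ip(a) for a in addrs):
        return False, "resolves to a non-public address"
    return True, "ok"


# Constructed DNS table for offline use: the second entry models an allowlisted
# name that now resolves to an internal address and must still be rejected.
FAKE_DNS = {"images.example.com": {"93.184.216.34"}, "cdn.example.com": {"10.0.0.5"}}


def fake_resolver(host):
    if host not in FAKE_DNS:
        raise socket.gaierror("constructed: unknown host")
    return FAKE_DNS[host]
```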
Contents
- API1:2023 Broken Object-Level Authorization (3m 39s)
- API2:2023 Broken Authentication (2m 54s)
- API3:2023 Broken Object-Property-Level Authorization (3m 46s)
- API4:2023 Unrestricted Resource Consumption (3m 9s)
- API5:2023 Broken Function-Level Authorization (3m 8s)
- API6:2023 Unrestricted Access to Sensitive Business Flows (2m 54s)
- API7:2023 Server-Side Request Forgery (2m 11s)
- API8:2023 Security Misconfigurations (3m 40s)
- API9:2023 Improper Inventory Management (3m 5s)
- API10:2023 Unsafe Consumption of APIs (3m 33s)