Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing.
 
A successful SSRF attack can often result in unauthorized actions or access to data within the organization, either in the vulnerable application itself or on other back-end systems that the application can communicate with.
 
 
 
 
In some situations, the SSRF vulnerability might allow an attacker to perform arbitrary command execution.
 
An SSRF exploit that causes connections to external third-party systems might result in malicious onward attacks that appear to originate from the legitimate organization hosting the vulnerable application (imagine, for example, that you use Amazon Web Services, AWS, for your operations or security), which may lead to potential legal liabilities and reputational damage for that organization.
 
In this example, you would think that AWS had launched an attack on your company. As a result, AWS may have to face legal liabilities, and its reputation may be damaged as well.
 

What are common SSRF attacks?

SSRF attacks often exploit trust relationships to escalate an attack from the vulnerable application and perform unauthorized actions. These trust relationships might exist in relation to the server itself, or in relation to other back-end systems within the same organization.
  • SSRF attacks against the server itself.
  • SSRF attacks against other back-end systems.
There are many ways an attacker can circumvent most of the defenses you may have implemented against SSRF attacks.
 
 

This article was written and published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.

Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...

She is so obsessed with the cybersecurity domain that she goes out of her way to share hugely valuable posts and writings about cybersecurity on the website and social media platforms.

34,000+ professionals are following her on Facebook and are mesmerized by the quality of the content of her posts there.
