Server-side request forgery
A recent addition to the OWASP Top 10, server-side request forgery (SSRF) occurs when flaws in a web application allow malicious parties to access or even modify resources simply by abusing basic server functionality. It is sometimes compared to cross-site scripting (XSS) and cross-site request forgery (CSRF) but involves a compromised server rather than a compromised client.
Mishandled URLs often rest at the center of these attacks, with malicious parties either supplying URLs or modifying existing ones, to the point that they can gain access to internal data such as server configuration details. While data exposure is the chief risk, SSRF attacks can also be leveraged to amplify Cross-Site Port Attacks (XSPA).