Beginner

Server-Side Request Forgery: Attack & Defense

Learning Path: Application Security Essentials

Ideal for: Developer, Security Engineer, Security Champion

4 Hours, 7 Lessons, 4 Cloud Labs

Server-Side Request Forgery (SSRF) is a serious vulnerability that has suddenly risen to prominence and was on the OWASP Top 10 list for 2021.

An attacker exploiting SSRF can manipulate HTTP requests to get the vulnerable web application to make requests and fetch responses from internal or sensitive hosts inside the network. Today, it’s being leveraged extensively by attackers in real-world security breaches against web applications. 

In this training, we’re going to explore real-world examples of SSRF from an attack and defense perspective. We start by learning the history and impact of SSRF, and the various types of attacks that can be performed with it.

Our hands-on labs will take you through a gamut of SSRF attacks based on HTTP clients, library-based attacks with Weasyprint, and more. We’ll also learn to defend against SSRF by attacking and securing a Go web app.

Labs

SSRF Urllib - Python

Weasyprint SSRF - Python

Docx XXE - Python

Go SSRF Attack and Defense

Copyright AppSecEngineer © 2023