SSRF: Attacks, Defense and Status Quo (god2024)


Chaos Computer Club - archive feed · Malte Wessels

November 13, 2024 · 10m 25s


Show Notes

Web apps use server-side requests to fetch data from other servers, e.g., for link previews. However, these requests can be abused by attackers to reach internal resources or non-public services. This attack is called Server-Side Request Forgery (SSRF). The talk explains what SSRF is, how it can be used to exploit servers, and how to defend against it, which is surprisingly complex. Finally, we discuss our research on the prevalence of countermeasures in the wild.

Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/

About this event: https://c3voc.de
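The abstract says defending against SSRF is surprisingly complex. The following is an added example (not code from the talk or from the speaker) that shows why: a validator for outbound URLs that allows only http/https, rejects userinfo, resolves the hostname and then judges the resolved addresses, because a blocklist on the URL string alone misses alternate spellings such as decimal or hex IPv4 literals and IPv4-mapped IPv6 addresses. The hostnames and DNS answers in `FAKE_DNS` are constructed so the example runs offline; `system_resolver` is the real resolver for production use.

```python
"""Hardened URL check for server-side fetches (link previews, webhooks, ...)."""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def is_public_address(addr):
    """True only for globally routable unicast addresses.

    Rejects loopback, RFC 1918, link-local (including 169.254.0.0/16, where
    cloud metadata services live), CGNAT, multicast, reserved and unspecified
    ranges. IPv4-mapped IPv6 addresses are unwrapped first so that
    ::ffff:10.0.0.1 cannot slip past an IPv4-only check.
    """
    ip = ipaddress.ip_address(addr) if isinstance(addr, str) else addr
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast


def system_resolver(hostname):
    """Resolve via the OS resolver (the only part that touches the network)."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def validate_outbound_url(url, resolver=system_resolver):
    """Return the addresses the caller may connect to, or raise ValueError.

    The caller must connect to one of the returned addresses (sending the
    original hostname in the Host header / SNI) instead of letting the HTTP
    client resolve the name a second time; otherwise a DNS answer that changes
    between check and use (rebinding) bypasses the check. Redirects must be
    re-validated hop by hop for the same reason.
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo in URL is not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("URL has no host")

    try:
        # Literal address in the URL: check it directly.
        addresses = [ipaddress.ip_address(host)]
    except ValueError:
        # Not a standard literal. Spellings such as "2130706433" or
        # "0x7f000001" are rejected by ip_address() but accepted by many
        # resolvers, so resolve first and judge the *resolved* addresses
        # rather than the string.
        addresses = [ipaddress.ip_address(a) for a in resolver(host)]

    if not addresses:
        raise ValueError(f"host did not resolve: {host!r}")
    # Every address must be public: a name that resolves to one public and
    # one internal address is rejected outright.
    for ip in addresses:
        if not is_public_address(ip):
            raise ValueError(f"{host!r} resolves to non-public address {ip}")
    return addresses


def is_safe_outbound_url(url, resolver=system_resolver):
    """Boolean convenience wrapper around validate_outbound_url()."""
    try:
        validate_outbound_url(url, resolver)
        return True
    except ValueError:
        return False


# Constructed DNS answers (hypothetical names) so the example runs offline.
FAKE_DNS = {
    "public.example": ["93.184.216.34"],
    "metadata.example": ["169.254.169.254"],
    "rebind.example": ["93.184.216.34", "10.0.0.5"],
}


def fake_resolver(hostname):
    return FAKE_DNS.get(hostname, [])


if __name__ == "__main__":
    for url in [
        "https://public.example/preview",
        "http://metadata.example/",
        "http://rebind.example/",
        "http://127.0.0.1:8080/admin",
        "http://[::ffff:127.0.0.1]/",
        "file:///etc/passwd",
    ]:
        print(f"{url:40s} allowed={is_safe_outbound_url(url, fake_resolver)}")
```

The design choice worth noting is that the check returns the validated addresses rather than a bare yes/no: the fetching code has to pin its connection to one of them, otherwise the validation and the connection are two separate DNS lookups and the gap between them is exactly what rebinding attacks exploit.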

Topics

56281 · god2024 · OWASP · Saal 1 · 2024 · Day 1