Mitigating SSRF in 2023

Server-Side Request Forgery (SSRF) is a vulnerability that allows an attacker to trick a server-side application into making a request to an unintended location. SSRF, unlike most other specific vulnerabilities, has gained its own spot on the OWASP Top 10 2021. This reflects both how common and how impactful this type of vulnerability has become. …

Introducing: SafeURL – A set of SSRF Protection Libraries

Note: The SafeURL libraries are no longer maintained and we recommend considering other SSRF mitigation approaches alongside application-layer SSRF protection libraries. See our 2023 blog post for more details.

At Include Security, we believe that a reactive approach to security can fall short when it’s not backed by proactive roots. We see new offensive tools …