Server Side Request Forgery

Server Side Request Forgery (SSRF) is a web security vulnerability that allows an attacker to induce a server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing. This typically occurs when an application fetches a remote resource without properly validating user-supplied URLs, enabling attackers to access internal systems, interact with backend services, or bypass firewalls. It can lead to sensitive data exposure, remote code execution, or network reconnaissance.

Also known as: SSRF, Server-Side Request Forgery, Server Side Request Forgery (SSRF), Server-Side Request Forgery vulnerability, SSRF attack

Why learn Server Side Request Forgery?

Developers should learn about SSRF to build secure applications that validate and sanitize all user inputs, especially URLs used for server-side requests. This is critical in microservices architectures, cloud environments, or applications that integrate with third-party APIs, where uncontrolled requests can expose internal infrastructure. Understanding SSRF helps prevent attacks like accessing metadata services (e.g., AWS IMDS) or internal admin panels.
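
One way to implement the URL validation described above, as an added example rather than code from this page. `check_fetch_target`, the resolver functions and the `SAMPLE_DNS` table are hypothetical names, and the DNS data is constructed so the check runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed sample DNS data so the example runs offline (not real records).
SAMPLE_DNS = {
    "example.test": ["93.184.216.34"],
    "intranet.example.test": ["10.0.0.5"],
    "mixed.example.test": ["93.184.216.34", "127.0.0.1"],
    "mapped.example.test": ["::ffff:169.254.169.254"],
    "169.254.169.254": ["169.254.169.254"],
}

def sample_resolver(host, port):
    return SAMPLE_DNS.get(host, [])

def system_resolver(host, port):
    # Every address the name resolves to, as strings.
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def is_public(ip_text):
    ip = ipaddress.ip_address(ip_text.split("%", 1)[0])  # drop IPv6 zone id
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) before classifying.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast

def check_fetch_target(url, resolver=system_resolver):
    """Return (allowed, reason, addresses) for a user-supplied URL."""
    try:
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        if scheme not in ALLOWED_SCHEMES:
            return False, "scheme not allowed", []
        if not parts.hostname:
            return False, "no host", []
        port = parts.port or (443 if scheme == "https" else 80)
        addresses = resolver(parts.hostname, port)
    except (ValueError, OSError):
        return False, "malformed URL or unresolvable host", []
    if not addresses:
        return False, "no addresses", []
    # One internal address is enough to refuse: the client may pick any of them.
    for addr in addresses:
        if not is_public(addr):
            return False, "non-public address " + addr, addresses
    return True, "ok", addresses
```

A fetcher should connect to one of the returned addresses rather than resolving the name a second time, and should run the same check on every redirect target.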
