Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

CodeSignal

Server-Side Request Forgery (SSRF)

via CodeSignal

Overview

This course explores Server-Side Request Forgery vulnerabilities where attackers trick the server into making unintended requests. You'll learn how to exploit SSRF in our pastebin application's URL import, webhook, and preview features, then implement robust defenses.

Syllabus

  • Unit 1: Understanding SSRF Vulnerabilities
    • Getting Familiar with the Environment
  • Unit 2: Exploiting and Defending Against SSRF in URL Import
    • Exploiting SSRF in URL Import
    • Implementing URL Parsing and Protocol Validation
    • Implementing Hostname Blocklist Defense Layer
    • Implementing DNS Resolution SSRF Protection
    • Completing and Testing SSRF Defense System
  • Unit 3: Bypassing SSRF Filters
    • Exploiting Weak String Based Blocklists
    • Implementing IP Normalization with ipaddr.js
    • Adding DNS Resolution for Domain Validation
    • Using Library Range Validation Comprehensively
    • Preventing Redirect Chains and Timeouts
  • Unit 4: Blind SSRF Exploitation
    • Exploiting Blind SSRF with Side Channels
    • Adding Protocol Validation to Webhooks
    • Restricting Webhook Ports for Defense
    • Implementing Domain Allowlist for Webhooks
    • Completing Defense in Depth Protection
  • Unit 5: Achieving Remote Code Execution
    • Exploiting Redis Through Protocol Abuse
    • Implementing Protocol Validation Defense Layer
    • Adding Port Restrictions to Block Services
    • Building Comprehensive SSRF Defense Middleware
    • Integrating Middleware for Complete Protection

Reviews

Start your review of Server-Side Request Forgery (SSRF)

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.