DiscoverChaos Computer Club - archive feed (high quality)SSRF: Attacks, Defense and Status Quo (god2024)
SSRF: Attacks, Defense and Status Quo (god2024)

SSRF: Attacks, Defense and Status Quo (god2024)

Update: 2024-11-13
Share

Description

Web apps use Server-Side Requests to request data from other servers, e.g., for link previews. However, they are exploited by attackers who might request internal resources or non-public services. This attack is called Server-Side Request Forgery (SSRF).

The talk explains what SSRF is, how it can be used to exploit servers, and how to defend against it, which is surprisingly complex.

Finally, we will discuss our research on the prevalence of countermeasures in the wild.

Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/
about this event: https://c3voc.de
Comments 
loading
In Channel
The Elephant on an Adventure: A Custom-Built Shelter for Network Devices (denog16)

The Elephant on an Adventure: A Custom-Built Shelter for Network Devices (denog16)

2024-11-1827:24

DENOG16 Opening (denog16)

DENOG16 Opening (denog16)

2024-11-1836:17

Newcomer Session (denog16)

Newcomer Session (denog16)

2024-11-1818:35

Closing (god2024)

Closing (god2024)

2024-11-1304:01

Modern solutions against Cross-Site Attacks (god2024)

Modern solutions against Cross-Site Attacks (god2024)

2024-11-1327:11

Double-Edged Crime: How Browser Extension Fingerprinting Might Endanger Users and Extensions Alike (god2024)

Double-Edged Crime: How Browser Extension Fingerprinting Might Endanger Users and Extensions Alike (god2024)

2024-11-1323:43

Protecting Web Applications with Project Foxhound (god2024)

Protecting Web Applications with Project Foxhound (god2024)

2024-11-1311:31

SSRF: Attacks, Defense and Status Quo (god2024)

SSRF: Attacks, Defense and Status Quo (god2024)

2024-11-1310:25

„Well, What Would You Say if I Said That You Could?” – Scanning for Vulnerabilities Without Getting Into Trouble (god2024)

„Well, What Would You Say if I Said That You Could?” – Scanning for Vulnerabilities Without Getting Into Trouble (god2024)

2024-11-1327:07

SAP from an Attacker's Perspective – Common Vulnerabilities and Pitfalls (god2024)

SAP from an Attacker's Perspective – Common Vulnerabilities and Pitfalls (god2024)

2024-11-1322:35

Network Fingerprinting for Securing User Accounts - Opportunities and Challenges (god2024)

Network Fingerprinting for Securing User Accounts - Opportunities and Challenges (god2024)

2024-11-1325:00

The Debian OpenSSL bug and other Public Private Keys (god2024)

The Debian OpenSSL bug and other Public Private Keys (god2024)

2024-11-1321:50

GenAI im Threat Modeling (god2024)

GenAI im Threat Modeling (god2024)

2024-11-1309:57

GenAI in the Battle of Security: Attacks, Defenses, and the Laws Shaping AI's Future (god2024)

GenAI in the Battle of Security: Attacks, Defenses, and the Laws Shaping AI's Future (god2024)

2024-11-1328:56

Overview of OWASP AI Exchange: A Comprehensive Guide to AI Security (god2024)

Overview of OWASP AI Exchange: A Comprehensive Guide to AI Security (god2024)

2024-11-1321:46

NIS2 entmystifiziert - Was Unternehmen nun tun müssen (god2024)

NIS2 entmystifiziert - Was Unternehmen nun tun müssen (god2024)

2024-11-1323:14

The Crucial Role of Web Protocols and Standards in Digital Wallet Ecosystems (god2024)

The Crucial Role of Web Protocols and Standards in Digital Wallet Ecosystems (god2024)

2024-11-1331:29

How (Not) to Use OAuth in 2024 (god2024)

How (Not) to Use OAuth in 2024 (god2024)

2024-11-1336:48

OWASP Juice Shop 10th anniversary: Is it still fresh? (god2024)

OWASP Juice Shop 10th anniversary: Is it still fresh? (god2024)

2024-11-1331:59

Begrüßung (god2024)

Begrüßung (god2024)

2024-11-1304:16

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
1.0x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

SSRF: Attacks, Defense and Status Quo (god2024)

SSRF: Attacks, Defense and Status Quo (god2024)

Malte Wessels