Detecting and Defending Against Server-Side Request Forgery

Presented by

Oscar Tovar, DAST Research and Development, WhiteHat Security

About this talk

Today’s web applications help us stay connected and are more than likely dependent on other services. This means that most web applications will utilize a server that sends off HTTP requests in order to receive the information that drives its content and features. Server sent requests happen so often that we may not even notice that they are utilized. From chat clients that pull metadata when a user posts a video link, to webhooks that are fired after a repository change happens, servers are constantly requesting information from other resources. While these features may be useful, it is important to take extra care when crafting the server sent requests using user input. This presentation covers characteristics found in functionalities that are commonly susceptible to SSRF attacks. Furthermore, it demonstrates how it can be used to escalate privileges, and how it can breach user information confidentiality. Attend this webinar to examine these scenarios and discuss in-depth safe input handling techniques that defend against Server-Side Request Forgery.

Related topics:

More from this channel

Upcoming talks (1)
On-demand talks (58)
Subscribers (19708)
NTT Application Security is driving the future of application security. For nearly 20 years, organizations around the globe have relied on NTT Application Security to secure their business’ digital footprint in an increasingly application-driven world. Bolstered by its award-winning, cloud-based application security testing platform, NTT Application Security delivers industry-leading accuracy by combining artificial and human intelligence to help security teams quickly identify and remediate potential vulnerabilities. Formerly WhiteHat Security, the company is an independent, wholly-owned subsidiary of NTT Ltd. and is part of NTT’s security services portfolio. NTT Application Security is headquartered in San Jose, Calif., with regional offices in Houston and Belfast. For more information, visit