A Deep Dive into SSRF

Logo
Presented by

Michael Burch, Director of Application Security at Security Journey

About this talk

Server-Side Request Forgery (SSRF) attacks make news. We've heard the stories of victim organizations who report data loss and a lot of negative chatter in the news among technical communities. Malicious actors executing this attack can do so because we create trust relationships between software and systems based on security assumptions. Mitigation advice is everywhere - input validation, zero-trust architecture, safe listing - just to name a few. We've built lessons around strategies to combat SSRF. But why are we choosing those? In this session, you'll learn how attackers abuse trust relationships, identify different types of SSRF attacks and apply appropriate mitigations to secure your environment.

Related topics:
AppSec
Application Security
SSRF
Secure Code
Developers
Security Testing
Web Application Security
SDLC
Security Culture
secure Coding Training

More from this channel

Security Journey AppSec Education logo
Security Journey AppSec Education
Upcoming talks (0)
On-demand talks (9)
Subscribers (568)
Security Journey offers robust application security education tools to help developers and the entire SDLC team recognize and understand vulnerabilities and threats and proactively mitigate these risks. The knowledge learners acquire in our programs goes beyond helping learners code more securely – it turns everyone in the SDLC into security champions.