A10:2021 | Server Side Request Forgery (4) | Cycubix Docs


To prevent SSRF vulnerabilities in web applications, it is recommended to adhere to the following guidelines:

  • Use a whitelist of allowed domains, resources, and protocols from where the webserver can fetch resources.

  • Any input accepted from the user should be validated and rejected if it does not match the positive specification expected.

  • If possible, do not accept user input in functions that control where the webserver can fetch resources.



Last updated