A10:2021 | Server Side Request Forgery (4) | Cycubix Docs
Prevent
To prevent SSRF vulnerabilities in web applications, it is recommended to adhere to the following guidelines:
Use a whitelist of allowed domains, resources, and protocols from which the webserver can fetch resources.
Any input accepted from the user should be validated and rejected if it does not match the positive specification expected.
If possible, do not accept user input in functions that control where the webserver can fetch resources.
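One way to apply the first two guidelines together, as an added example that is not part of the original page: a validator that accepts a URL only when its protocol, host, port and resource all match a positive specification. The allowlist values (`images.example.com`, the `/public/` path pattern) and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist (assumption, not from the page): one protocol,
# one exact host, one port, and one resource pattern.
ALLOWED_SCHEMES = {"https"}
ALLOWED_HOSTS = {"images.example.com"}
ALLOWED_PORTS = {None, 443}
ALLOWED_PATH = re.compile(r"/public/[A-Za-z0-9_-]+\.(?:png|jpg)")


def validate_fetch_url(raw):
    """Return a rebuilt URL if raw matches the positive specification, else raise ValueError."""
    if not isinstance(raw, str) or any(c.isspace() or ord(c) < 0x20 for c in raw):
        raise ValueError("whitespace or control character in URL")
    try:
        parts = urlsplit(raw)
        port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError as exc:
        raise ValueError("unparseable URL") from exc
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError("protocol not allowed")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo not allowed")  # host must not hide behind user@
    if parts.hostname not in ALLOWED_HOSTS:
        raise ValueError("host not allowed")  # exact match, no suffix or substring test
    if port not in ALLOWED_PORTS:
        raise ValueError("port not allowed")
    if parts.query or parts.fragment or not ALLOWED_PATH.fullmatch(parts.path):
        raise ValueError("resource not allowed")
    # Rebuild from validated components so the fetcher never sees the raw input.
    return f"https://{parts.hostname}{parts.path}"


def is_allowed(raw):
    """Boolean wrapper around validate_fetch_url for callers that only need yes/no."""
    try:
        validate_fetch_url(raw)
        return True
    except ValueError:
        return False
```

Pass the returned string to the HTTP client rather than the raw input, and run the same check on any redirect target before following it.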