A10:2021 | Server Side Request Forgery (4) | Cycubix Docs

Prevent

To prevent SSRF vulnerabilities in web applications, it is recommended to adhere to the following guidelines:

  • Use a whitelist of allowed domains, resources, and protocols from where the webserver can fetch resources.

  • Any input accepted from the user should be validated and rejected if it does not match the positive specification expected.

  • If possible, do not accept user input in functions that control where the webserver can fetch resources.

References

https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html

Last updated