Find out about the latest from Cloudmersive.

Server-Side Request Forgery: Back in the OWASP Top 10
10/5/2023 - Brian O'Neill

blue dotted scape

The most recent edition of OWASP’s top-10 security vulnerabilities was published in July of this year (2023), and a familiar threat was once more included in that ranking.

Coming in at 7th this year – three slots higher than the 10th place slot it occupied in the 2021 OWASP ranking – was Server-Side Request Forgery (SSRF), a well-known vulnerability that enables attackers to control where server-side applications make requests. This type of attack is often used to leak important/sensitive data from an organization by exploiting trust relationships between internal servers.

There are a few key steps we can take to mitigate SSRF vulnerabilities, such as altering the way we represent the IP or utilizing URL encoding techniques to obscure our blocked strings.

In addition, we can take advantage of the Cloudmersive Security API for advanced network threat detection. We can use the SSRF Detection iteration of the Security API to check if an URL is at risk of being an SSRF attack, and we can input blocked domains along with our URL string request. The API will return a CleanURL Boolean response, along with a Threat Level description string. Like all Cloudmersive APIs, the Security API is a turnkey, low-code solution designed to be easy for developers to use.

For more information about deploying the Cloudmersive Security API, please do not hesitate to reach out to a member of our sales team.

800 free API calls/month, with no expiration

Get started now! or Sign in with Google

Questions? We'll be your guide.

Contact Sales