{"id":448,"date":"2024-08-29T08:00:00","date_gmt":"2024-08-27T13:38:24","guid":{"rendered":"http:\/\/ai-biztonsag.hu\/?p=448"},"modified":"2024-08-27T15:39:23","modified_gmt":"2024-08-27T13:39:23","slug":"server-side-request-forgery-ssrf","status":"publish","type":"post","link":"http:\/\/ai-biztonsag.hu\/?p=448","title":{"rendered":"Server-side request forgery (SSRF)"},"content":{"rendered":"<div class=\"postie-post\">\n<div>\n<h1>Prevent Server-Side Request Forgery<\/h1>\n<p>      <span class=\"highlight\">Secure your web applications by understanding and preventing Server-Side Request Forgery (SSRF).<\/span> Learn how to protect sensitive data and prevent unauthorized access.  <\/p>\n<section>\n<h2>TL;DR<\/h2>\n<ul>\n<li>SSRF allows attackers to send malicious requests from your server.<\/li>\n<li>These requests can access sensitive data and functions.<\/li>\n<li>Whitelist trusted sources and blacklist untrusted ones.<\/li>\n<li>Implement robust access controls to protect your resources.<\/li>\n<li>Stay updated with security practices to mitigate SSRF risks.<\/li>\n<\/ul>\n<\/section>\n<section>\n<h2>Understanding SSRF<\/h2>\n<p>          <span class=\"highlight\">Server-Side Request Forgery (SSRF) is a vulnerability that allows attackers to send requests from your server to an unintended destination.<\/span> This happens when the attacker can trick the server into sending requests, often to access or modify sensitive information.      <\/p>\n<p>          <span class=\"highlight\">When a web application relies on external resources, SSRF can become a critical issue.<\/span> For instance, if an application needs to show an image that&#39;s stored on another server, it sends a request to fetch it. An attacker can exploit this behavior to send a crafted request, appearing to come from the victim server itself.      
<\/p>\n<\/section>\n<section>\n<h2>How SSRF Works<\/h2>\n<p>          <span class=\"highlight\">Attackers exploit SSRF by sending specially crafted requests to your server.<\/span> These requests are formed in such a way that the server processes them as if they were legitimate requests from a trusted source.      <\/p>\n<p>          Once the server processes these malicious requests, <span class=\"highlight\">attackers can access administrative functions, internal APIs, and databases.<\/span> This access is dangerous because the server is a trusted entity, so requests it makes often bypass the security controls applied to external traffic.      <\/p>\n<\/section>\n<section>\n<h2>Real-World Example<\/h2>\n<p>          Imagine your web application has a feature that fetches and displays profile pictures from an external URL. <span class=\"highlight\">An attacker could manipulate this feature to send a request to an internal API endpoint instead of the intended image URL.<\/span> Since the request originates from your server, the API might expose sensitive data, assuming it&#39;s a trusted request.      <\/p>\n<\/section>\n<section>\n<h2>Preventing SSRF<\/h2>\n<p>          <span class=\"highlight\">To prevent SSRF, implementing whitelist and blacklist checks is essential.<\/span> A whitelist only allows requests to trusted IP addresses or hostnames, ensuring that the server interacts with known and trusted entities.      <\/p>\n<p>          In cases where a whitelist can&#39;t be used, <span class=\"highlight\">a blacklist should be implemented to block requests to sensitive internal resources.<\/span> This method ensures that even if an attacker attempts to send a harmful request, it will be blocked because its destination is on the blocked list.      
<\/p>\n<\/section>\n<section>\n<h2>Best Practices<\/h2>\n<ul>\n<li><span class=\"highlight\">Regularly update your server and application software<\/span> to include the latest security patches.<\/li>\n<li><span class=\"highlight\">Employ robust input validation<\/span> to ensure all user-supplied data is well-formed and secure.<\/li>\n<li><span class=\"highlight\">Use network layer isolation<\/span>, ensuring internal services are not directly accessible from the external network.<\/li>\n<li><span class=\"highlight\">Monitor and log all incoming requests<\/span> for unusual patterns or unauthorized attempts.<\/li>\n<li><span class=\"highlight\">Stay informed about the latest security vulnerabilities and measures<\/span>, especially those listed in the OWASP Top 10.<\/li>\n<\/ul>\n<\/section>\n<section>\n<h2>Conclusion<\/h2>\n<p>          <span class=\"highlight\">Server-Side Request Forgery is a serious vulnerability that can compromise your web application&#39;s security.<\/span> By understanding how SSRF works and implementing preventive measures, you can significantly reduce the risk it poses. Regular updates, robust input validation, and employing access controls are critical components of a strong security strategy.      <\/p>\n<\/section><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Prevent Server-Side Request Forgery Secure your web applications by understanding and preventing Server-Side Request Forgery (SSRF). Learn how to protect sensitive data and prevent unauthorized access. TL;DR SSRF allows attackers to send malicious requests from your server. These requests can access sensitive data and functions. Whitelist trusted sources and blacklist untrusted ones. 
Implement robust access &#8230; <a title=\"Server-side request forgery (SSRF)\" class=\"read-more\" href=\"http:\/\/ai-biztonsag.hu\/?p=448\" aria-label=\"Read more about Server-side request forgery (SSRF)\">Olvass tov\u00e1bb<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_sas_skip_auto_schedule":false,"_sas_force_auto_schedule":false,"footnotes":""},"categories":[1],"tags":[],"series":[],"class_list":["post-448","post","type-post","status-publish","format-standard","hentry","category-kiberbiztonsag"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Server-side request forgery (SSRF) - AI &amp; biztons\u00e1g<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/ai-biztonsag.hu\/?p=448\" \/>\n<meta property=\"og:locale\" content=\"hu_HU\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Server-side request forgery (SSRF) - AI &amp; biztons\u00e1g\" \/>\n<meta property=\"og:description\" content=\"Prevent Server-Side Request Forgery Secure your web applications by understanding and preventing Server-Side Request Forgery (SSRF). Learn how to protect sensitive data and prevent unauthorized access. TL;DR SSRF allows attackers to send malicious requests from your server. These requests can access sensitive data and functions. Whitelist trusted sources and blacklist untrusted ones. Implement robust access ... 
Olvass tov\u00e1bb\" \/>\n<meta property=\"og:url\" content=\"http:\/\/ai-biztonsag.hu\/?p=448\" \/>\n<meta property=\"og:site_name\" content=\"AI &amp; biztons\u00e1g\" \/>\n<meta property=\"article:published_time\" content=\"2024-08-27T13:38:24+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-27T13:39:23+00:00\" \/>\n<meta name=\"author\" content=\"V\u00e9gh J\u00f3zsef\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Szerz\u0151:\" \/>\n\t<meta name=\"twitter:data1\" content=\"V\u00e9gh J\u00f3zsef\" \/>\n\t<meta name=\"twitter:label2\" content=\"Becs\u00fclt olvas\u00e1si id\u0151\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 perc\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/ai-biztonsag.hu\/?p=448\",\"url\":\"http:\/\/ai-biztonsag.hu\/?p=448\",\"name\":\"Server-side request forgery (SSRF) - AI &amp; biztons\u00e1g\",\"isPartOf\":{\"@id\":\"http:\/\/ai-biztonsag.hu\/#website\"},\"datePublished\":\"2024-08-27T13:38:24+00:00\",\"dateModified\":\"2024-08-27T13:39:23+00:00\",\"author\":{\"@id\":\"http:\/\/ai-biztonsag.hu\/#\/schema\/person\/49633f8b103ed4c199def9ea4dca1621\"},\"breadcrumb\":{\"@id\":\"http:\/\/ai-biztonsag.hu\/?p=448#breadcrumb\"},\"inLanguage\":\"hu\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/ai-biztonsag.hu\/?p=448\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/ai-biztonsag.hu\/?p=448#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Kezd\u0151lap\",\"item\":\"http:\/\/ai-biztonsag.hu\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Server-side request forgery (SSRF)\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/ai-biztonsag.hu\/#website\",\"url\":\"http:\/\/ai-biztonsag.hu\/\",\"name\":\"AI & biztons\u00e1g\",\"description\":\"Mesters\u00e9ges intelligencia 
\u00e9s kiberbiztons\u00e1g\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/ai-biztonsag.hu\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"hu\"},{\"@type\":\"Person\",\"@id\":\"http:\/\/ai-biztonsag.hu\/#\/schema\/person\/49633f8b103ed4c199def9ea4dca1621\",\"name\":\"V\u00e9gh J\u00f3zsef\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"hu\",\"@id\":\"http:\/\/ai-biztonsag.hu\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e2d1c8e6ee90b2a3baf22cbd28e42ba47ed33d1bfa72c0c6544beb69eb7cefce?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e2d1c8e6ee90b2a3baf22cbd28e42ba47ed33d1bfa72c0c6544beb69eb7cefce?s=96&d=mm&r=g\",\"caption\":\"V\u00e9gh J\u00f3zsef\"},\"sameAs\":[\"http:\/\/ai-biztonsag.hu\"],\"url\":\"http:\/\/ai-biztonsag.hu\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Server-side request forgery (SSRF) - AI &amp; biztons\u00e1g","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/ai-biztonsag.hu\/?p=448","og_locale":"hu_HU","og_type":"article","og_title":"Server-side request forgery (SSRF) - AI &amp; biztons\u00e1g","og_description":"Prevent Server-Side Request Forgery Secure your web applications by understanding and preventing Server-Side Request Forgery (SSRF). Learn how to protect sensitive data and prevent unauthorized access. TL;DR SSRF allows attackers to send malicious requests from your server. These requests can access sensitive data and functions. Whitelist trusted sources and blacklist untrusted ones. Implement robust access ... 
Olvass tov\u00e1bb","og_url":"http:\/\/ai-biztonsag.hu\/?p=448","og_site_name":"AI &amp; biztons\u00e1g","article_published_time":"2024-08-27T13:38:24+00:00","article_modified_time":"2024-08-27T13:39:23+00:00","author":"V\u00e9gh J\u00f3zsef","twitter_card":"summary_large_image","twitter_misc":{"Szerz\u0151:":"V\u00e9gh J\u00f3zsef","Becs\u00fclt olvas\u00e1si id\u0151":"2 perc"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/ai-biztonsag.hu\/?p=448","url":"http:\/\/ai-biztonsag.hu\/?p=448","name":"Server-side request forgery (SSRF) - AI &amp; biztons\u00e1g","isPartOf":{"@id":"http:\/\/ai-biztonsag.hu\/#website"},"datePublished":"2024-08-27T13:38:24+00:00","dateModified":"2024-08-27T13:39:23+00:00","author":{"@id":"http:\/\/ai-biztonsag.hu\/#\/schema\/person\/49633f8b103ed4c199def9ea4dca1621"},"breadcrumb":{"@id":"http:\/\/ai-biztonsag.hu\/?p=448#breadcrumb"},"inLanguage":"hu","potentialAction":[{"@type":"ReadAction","target":["http:\/\/ai-biztonsag.hu\/?p=448"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/ai-biztonsag.hu\/?p=448#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Kezd\u0151lap","item":"http:\/\/ai-biztonsag.hu\/"},{"@type":"ListItem","position":2,"name":"Server-side request forgery (SSRF)"}]},{"@type":"WebSite","@id":"http:\/\/ai-biztonsag.hu\/#website","url":"http:\/\/ai-biztonsag.hu\/","name":"AI & biztons\u00e1g","description":"Mesters\u00e9ges intelligencia \u00e9s kiberbiztons\u00e1g","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/ai-biztonsag.hu\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"hu"},{"@type":"Person","@id":"http:\/\/ai-biztonsag.hu\/#\/schema\/person\/49633f8b103ed4c199def9ea4dca1621","name":"V\u00e9gh 
J\u00f3zsef","image":{"@type":"ImageObject","inLanguage":"hu","@id":"http:\/\/ai-biztonsag.hu\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e2d1c8e6ee90b2a3baf22cbd28e42ba47ed33d1bfa72c0c6544beb69eb7cefce?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e2d1c8e6ee90b2a3baf22cbd28e42ba47ed33d1bfa72c0c6544beb69eb7cefce?s=96&d=mm&r=g","caption":"V\u00e9gh J\u00f3zsef"},"sameAs":["http:\/\/ai-biztonsag.hu"],"url":"http:\/\/ai-biztonsag.hu\/?author=1"}]}},"_links":{"self":[{"href":"http:\/\/ai-biztonsag.hu\/index.php?rest_route=\/wp\/v2\/posts\/448","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/ai-biztonsag.hu\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/ai-biztonsag.hu\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/ai-biztonsag.hu\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/ai-biztonsag.hu\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=448"}],"version-history":[{"count":0,"href":"http:\/\/ai-biztonsag.hu\/index.php?rest_route=\/wp\/v2\/posts\/448\/revisions"}],"wp:attachment":[{"href":"http:\/\/ai-biztonsag.hu\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=448"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/ai-biztonsag.hu\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=448"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/ai-biztonsag.hu\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=448"},{"taxonomy":"series","embeddable":true,"href":"http:\/\/ai-biztonsag.hu\/index.php?rest_route=%2Fwp%2Fv2%2Fseries&post=448"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}