Chaos Computer Club - recent events feed   /     SSRF: Attacks, Defense and Status Quo (god2024)

Description

Web apps use Server-Side Requests to request data from other servers, e.g., for link previews. However, they are exploited by attackers who might request internal resources or non-public services. This attack is called Server-Side Request Forgery (SSRF). The talk explains what SSRF is, how it can be used to exploit servers, and how to defend against it, which is surprisingly complex. Finally, we will discuss our research on the prevalence of countermeasures in the wild. Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://c3voc.de

Subtitle
Duration
00:10:25
Publishing date
2024-11-13 16:15
Link
https://media.ccc.de/v/god2024-56281-ssrf-attacks-defense-and-s
Contributors
  Malte Wessels
author  
Enclosures
https://cdn.media.ccc.de/events/god/2024/h264-hd/god2024-56281-eng-SSRF_Attacks_Defense_and_Status_Quo_hd.mp4
video/mp4