Detections
Analytics
Server-Side Request Forgery
Description
In a Server-Side Request Forgery (SSRF) attack, the attacker can abuse functionality on the server to read or update internal resources. The attacker can supply or modify a URL which the code running on the server will read or submit data to, and by carefully selecting the URLs, the attacker may be able to read server configuration such as AWS metadata, connect to internal services like http enabled databases or perform post requests towards internal services which are not intended to be exposed.
Products, Sensors, and Dependencies
| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
|---|---|---|---|---|---|---|
| Tenable Web App Scanning | Web Applications | Authenticated Scan | HTTP/HTTPS | Server Side Request Forgery | Plugin ID: 112439 |
References
Attack Path Technique Details
Framework: OWASP
Technique: Server Side Request Forgery
Sub-Technique: Server Side Request Forgery
Platform: Web Application
Products Required: Tenable Web App Scanning
Tenable Release Date: 2022 Q2