A10:2021 Server Side Request Forgery (SSRF)
Common vulnerabilities in this category look like
Defensive Design & Prevention
- Segment remote resource access functionality in separate networks to reduce the impact of SSRF.
- Enforce “deny by default” firewall policies or network access control rules to block all but essential intranet traffic.
- Establish an ownership and a lifecycle for firewall rules based on applications.
- Log all accepted and blocked network flows on firewalls (see A09:2021-Security Logging and Monitoring Failures).
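The points above fit together as one policy: an application segment whose outbound traffic is denied unless an explicit, owned, time-limited allow rule exists, with every accepted and blocked flow reviewable from the firewall log. The following Python is an added example, not OWASP text; the segment, allow rules, log format and function names (`evaluate`, `audit`) are all constructed for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass
from datetime import date
# Hypothetical application segment (constructed addresses throughout).
APP_SEGMENT = ipaddress.ip_network("10.10.0.0/24")
@dataclass(frozen=True)
class AllowRule:
    dst: str        # destination the application legitimately needs
    dport: int
    owner: str      # application team accountable for the rule
    expires: date   # lifecycle: rule lapses unless re-justified by then
# Explicit allow rules; anything not listed is denied (deny by default).
ALLOW_RULES = [
    AllowRule("10.20.0.5", 5432, "orders-api", date(2099, 1, 1)),
    AllowRule("10.20.0.9", 6379, "orders-api", date(2099, 1, 1)),
    AllowRule("10.20.0.40", 8080, "legacy-sync", date(2024, 1, 1)),  # lapsed
]
# Constructed log format, loosely modelled on kernel firewall LOG output.
FLOW_RE = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=\S+ SPT=\d+ DPT=(\d+)")

def evaluate(src: str, dst: str, dport: int, today: date = None):
    """Decide one flow as (allowed, reason); only a live allow rule passes."""
    today = today or date.today()
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s not in APP_SEGMENT:
        return False, "source outside app segment"
    for r in ALLOW_RULES:
        if (ipaddress.ip_address(r.dst), r.dport) == (d, dport):
            if today >= r.expires:
                return False, f"allow rule owned by {r.owner} has lapsed"
            return True, f"allow rule owned by {r.owner}"
    if d.is_private or d.is_link_local or d.is_loopback:
        return False, "intranet destination not allowlisted (review for SSRF)"
    return False, "no matching allow rule"

def audit(log_lines, today: date = None):
    """Replay flow log lines against the policy; returns (src, dst, dport, allowed, reason)."""
    out = []
    for m in filter(None, map(FLOW_RE.search, log_lines)):
        src, dst, dport = m.group(1), m.group(2), int(m.group(3))
        out.append((src, dst, dport, *evaluate(src, dst, dport, today)))
    return out

SAMPLE_LOG = [  # constructed lines, not real captures
    "FW-OUT SRC=10.10.0.7 DST=10.20.0.5 PROTO=TCP SPT=51012 DPT=5432",
    "FW-OUT SRC=10.10.0.7 DST=10.20.0.22 PROTO=TCP SPT=51013 DPT=22",
    "FW-OUT SRC=10.10.0.7 DST=10.20.0.40 PROTO=TCP SPT=51014 DPT=8080",
    "FW-OUT SRC=10.10.0.7 DST=11.22.33.44 PROTO=TCP SPT=51015 DPT=443",
]
```

Running `audit(SAMPLE_LOG)` shows one accepted flow and three denied ones, including the flow that only matched a lapsed rule, which is the case a rule lifecycle is meant to surface.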