The State of Server-Side Request Forgery Risks in 2022

Author(s):

Harry Wilson, Head of Digital Marketing Department, Globex Outreach

server-side request forgery

Perhaps one of the best Black Hat talks in recent years was renowned web security researcher Orange Tsai’s presentation about bypassing Server-Side Request Forgery (SSRF) defenses. Together with his team, Tsai proposed a “very general attack approach” to discover numerous zero-days in built-in libraries of widely-used programming languages including Java, PHP, Python, Perl, JavaScript and … Read more