Spotlight on the Server-Side: A Guide to SSRF Vulnerabilities

Server-side request forgery (or SSRF) vulnerabilities can lead to total system compromise and allow access to an organization’s internal or cloud infrastructure if exploited. Today, SSRF vulnerabilities are among the top ten highest-paid vulnerabilities on HackerOne, earning hackers over $100,000 in any given month. SSRF bugs were relatively benign as they only allowed internal network scanning and sometimes access to internal admin panels. The advent of cloud architecture has inadvertently exposed organizations to more risk due to cloud metadata service.