SSRF
Server-Side Request Forgery
Server-Side Request Forgery is a vulnerability where an attacker forces a server to make HTTP requests to unintended destinations. SSRF can access internal services, cloud metadata endpoints, and private network resources that are not directly reachable from the internet.
Cómo se usa en ciberseguridad
Penetration testers target URL parameters, webhooks, and file import features to test for SSRF in web applications. Security engineers block SSRF by validating and restricting outbound requests from application servers. Cloud security teams monitor for SSRF attempts against instance metadata services like AWS IMDSv1.
Las definiciones son explicaciones originales escritas con fines de desarrollo profesional. Para definiciones técnicas autorizadas, consulta NIST, ISO o el organismo de normalización correspondiente.