Mastering Server-Side Request Forgery (SSRF) Vulnerabilities

How to Find, Exploit and Defend Against SSRF Vulnerabilities. For Ethical Hackers, Developers & Pentesters

Created by: Experts with David Bombal
Experts helping you become an expert.

Created by: Rana Khalil
Application Security Engineer Team Lead

What Will I Learn?

• Learn how to find SSRF vulnerabilities from a black box and white box perspective.
• Gain hands-on experience exploiting SSRF vulnerabilities using Burp Suite Community and Professional editions.
• Learn secure coding practices to prevent and mitigate SSRF vulnerabilities.
• Learn how to exploit SSRF vulnerabilities of varying difficulty levels.
• Learn how to automate attacks in Python.

Requirements

• Basic knowledge of computers (i.e. how to use the internet).
• Basic knowledge of web fundamentals (HTTP requests, methods, cookies, status codes, etc.).
• Latest version of Kali Linux VM (free download).
• PortSwigger Web Security Academy account to access the labs (free registration).

Target audience

• Penetration testers that want to understand how to find and exploit SSRF vulnerabilities.
• Software developers that want to understand how to defend against SSRF vulnerabilities.
• Bug bounty hunters that want to understand how to find and exploit SSRF vulnerabilities.
• Individuals preparing for the Burp Suite Certified Practitioner (BSCP) exam.
• Individuals preparing for the OSWE certification.