06-17-2024, 10:56 PM
Mastering Server-Side Request Forgery (SSRF) Vulnerabilities
Published 1/2024
Duration: 3h10m | .MP4 1280x720, 30 fps | AAC, 44100 Hz, 2ch | 1.8 GB
Genre: eLearning | Language: English
How to Find, Exploit and Defend Against SSRF Vulnerabilities. For Ethical Hackers, Developers & Pentesters
What you'll learn
Learn how to find SSRF vulnerabilities from a black box and white box perspective.
Gain hands-on experience exploiting SSRF vulnerabilities using Burp Suite Community and Professional editions.
Learn secure coding practices to prevent and mitigate SSRF vulnerabilities.
Learn how to exploit SSRF vulnerabilities of varying difficulty levels.
Learn how to automate attacks in Python.
Requirements
Basic knowledge of computers (i.e. how to use the internet).
Basic knowledge of web fundamentals (HTTP requests, methods, cookies, status codes, etc.).
Latest version of Kali Linux VM (free download).
PortSwigger Web Security Academy account to access the labs (free registration).
Description
Server-Side Request Forgery (SSRF) is a vulnerability that allows an attacker to coerce the application into making requests to unintended locations. SSRF attacks are typically used to establish connections with internal services, which are safeguarded by firewalls within an organization's infrastructure. This could result in sensitive data exposure, denial of service attacks, and in the most severe cases, remote code execution.
SSRF is ranked as the 10th most critical security risk facing web applications today according to the OWASP Top 10 list. Therefore, mastering the ability to identify and exploit SSRF vulnerabilities has become an essential and foundational skill.
In this course, we dive into the technical details behind SSRF vulnerabilities. We explore methods for detecting these vulnerabilities from both black-box and white-box perspectives, along with various techniques for exploiting them. Moreover, we provide insights into preventive and mitigative measures to safeguard against SSRF attacks.
This course goes beyond the basics, offering a well-balanced blend of theoretical knowledge and practical experience! It contains seven hands-on lab exercises of varying complexity levels, guiding you through the process of manually exploiting the vulnerability and then scripting and automating your exploits using Python.
By the end of this course, you'll not only have a solid understanding of SSRF vulnerabilities, but also the ability to identify and exploit these vulnerabilities in real-world applications. We've designed the course content to be beginner-friendly, so you'll never feel overwhelmed.
Whether you are a penetration tester, an application security specialist, a bug bounty hunter, a software developer, an ethical hacker, or simply someone intrigued by web application security, this course is for you!
Who this course is for:
Penetration testers that want to understand how to find and exploit SSRF vulnerabilities.
Software developers that want to understand how to defend against SSRF vulnerabilities.
Bug bounty hunters that want to understand how to find and exploit SSRF vulnerabilities.
Individuals preparing for the Burp Suite Certified Practitioner (BSCP) exam.
Individuals preparing for the OSWE certification.