All that Denis knows about SSRF and considers interesting. The auditor’s experience.
SSRF (Server-Side Request Forgery) is considered one of the most critical vulnerabilities in modern web applications. We’ll talk about how to configure your environment to easily detect vulnerabilities that lead to SSRF, and which scenarios you should consider in order to cover most checks and increase your chances of detecting the vulnerability.
We’ll also discuss:
recommendations from personal experience of configuring one's own VDS host to detect SSRF;
ways of bypassing poorly implemented security techniques;
interesting cases of exploiting SSRF illustrated by bug bounty cases and personal experience.