Level: Technical

Abstract:
Server-Side Request Forgery (SSRF) vulnerabilities have been around for a long time, and they still pose a significant threat to web applications, so much so that this kind of vulnerability has been included in the OWASP Top 10. This type of attack allows an attacker to send unauthorized requests from a vulnerable application, which can lead to data leakage, server-side request smuggling, and even full-scale remote code execution.

In this technical talk, we will explore the concept of SSRF attacks and how easy it is for developers to introduce these vulnerabilities into their code. We will delve into the technical details of SSRF, looking at some of the most common attack scenarios and how they can be exploited.

The focus of this talk will be on mitigating SSRF vulnerabilities in Go applications. We will explore:

  • what SSRF is and why the audience should care about it when implementing web applications
  • the limitations of negative validation of user-supplied URLs with the Go http package
  • how positive validation can overcome some of those shortcomings, but is still vulnerable
  • integrating the safeurl library into your Go applications
  • taking it one step further with network controls and authentication
  • impacts of SSRF in real life attacks.
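As an added illustration of the positive-validation approach listed above (example code written for this page, not the speaker's code or the safeurl library), a Go validator that accepts only an allowlisted https host and then re-checks the resolved IP at dial time, with redirects disabled; the allowlisted host and the private-range checks are assumptions for the example.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/url"
	"syscall"
)

// Constructed allowlist for this example: positive validation rejects any host not listed here.
var allowedHosts = map[string]bool{"api.example.com": true}

// ValidateURL applies positive validation to a user-supplied URL: one scheme,
// no embedded credentials or explicit port, and an allowlisted hostname.
func ValidateURL(raw string) (*url.URL, error) {
	u, err := url.Parse(raw)
	switch {
	case err != nil:
		return nil, err
	case u.Scheme != "https":
		return nil, fmt.Errorf("scheme %q not allowed", u.Scheme)
	case u.User != nil || u.Port() != "":
		return nil, fmt.Errorf("credentials or explicit port not allowed")
	case !allowedHosts[u.Hostname()]:
		return nil, fmt.Errorf("host %q not allowlisted", u.Hostname())
	}
	return u, nil
}

// CheckDialAddress runs at dial time, after DNS resolution, so an allowlisted
// hostname that resolves to an internal address is still refused.
func CheckDialAddress(address string) error {
	host, _, _ := net.SplitHostPort(address) // address is already "ip:port" here
	ip := net.ParseIP(host)                  // nil if the split failed or host is not an IP
	if ip == nil || ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsUnspecified() || ip.IsMulticast() {
		return fmt.Errorf("dial to %s refused", address)
	}
	return nil
}

// NewClient wires the dial-time check into the dialer and refuses redirects, so an allowlisted host cannot bounce the request to an internal one.
func NewClient() *http.Client {
	dialer := &net.Dialer{Control: func(_, a string, _ syscall.RawConn) error { return CheckDialAddress(a) }}
	return &http.Client{
		Transport:     &http.Transport{DialContext: dialer.DialContext},
		CheckRedirect: func(*http.Request, []*http.Request) error { return http.ErrUseLastResponse },
	}
}
```

The URL check alone is not enough because the hostname is resolved only when the request is sent; the `Control` hook closes that gap by inspecting the address the dialer is actually about to connect to.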

To make this talk more practical, we will also perform a live coding demonstration of all the techniques discussed.

At the end of this talk, attendees will have a better understanding of SSRF attacks, how they work, and how to protect their Go applications from them. They will also have a clear idea of the various tools and techniques available to mitigate SSRF risks, making it harder for attackers to exploit these vulnerabilities.

Bio:
Marcin Niemiec is a security researcher, bug bounty hunter and appsec engineer. He is currently working as a Senior Cloud Security Engineer at Form3.

Video/recordings:

[Slides in Github repo (PDF)] [Recording (MP4)]
