Request forgeries are vulnerabilities that allow an attacker to force an unauthorised request to be made.
In a CSRF attack, a user is tricked by an attacker into submitting a web request they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user’s account.
Server-Side Request Forgery (SSRF) attacks are designed to exploit how a server processes external information. Some web applications may be designed to read information from or write information to a particular URL (like a REST API). If an attacker can modify the target URL, they can potentially exfiltrate sensitive information from the application or inject untrusted input into it.
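The SSRF scenario above, where the application fetches a URL the attacker can influence, is usually mitigated by validating the outbound target before the request is made. The following is an added illustration (not code from the original page): it shows the weak pattern next to a hardened check that enforces an allowed scheme, a host allowlist and a non-private resolved address. The allowlist `ALLOWED_HOSTS`, the injectable `resolve` parameter and the sample address used in the comments are assumptions made for the example.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Hosts this application is allowed to fetch from (assumed allowlist, not from the page).
ALLOWED_HOSTS = {"api.example.com"}


def unsafe_fetch_target(url):
    """The weak pattern: the caller-supplied URL is used exactly as given."""
    return url


def is_public_address(ip):
    """True only for routable addresses; rejects loopback, RFC 1918, link-local, etc."""
    addr = ipaddress.ip_address(ip)
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_reserved or addr.is_multicast or addr.is_unspecified)


def validate_fetch_target(url, resolve=socket.gethostbyname):
    """Return the URL if it is safe to fetch, otherwise raise ValueError.

    `resolve` is injectable so the check can run without network access.
    A complete mitigation also connects to the address checked here instead of
    re-resolving the name, which closes the DNS rebinding window.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        raise ValueError("scheme not allowed: %r" % parsed.scheme)
    if parsed.username or parsed.password:
        raise ValueError("credentials in URL are not allowed")
    host = parsed.hostname
    if host is None or host not in ALLOWED_HOSTS:
        raise ValueError("host not on allowlist: %r" % host)
    ip = resolve(host)  # e.g. a constructed public address such as 93.184.216.34
    if not is_public_address(ip):
        raise ValueError("%s resolves to non-public address %s" % (host, ip))
    return parsed.geturl()


def is_safe_target(url, resolve=socket.gethostbyname):
    """Boolean wrapper around validate_fetch_target for callers that prefer no exception."""
    try:
        validate_fetch_target(url, resolve)
    except ValueError:
        return False
    return True
```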
– What they are
– Why should developers care?
– Should users care?
– How to protect applications