Server-Side Request Forgery (SSRF)

Tricking a server into fetching attacker-controlled URLs inside trusted networks.


What it is

SSRF is a vulnerability in which an attacker controls, in whole or in part, the destination of a request that the server itself makes, typically by supplying a URL, hostname or path that the application fetches, proxies or validates on the attacker's behalf. Because the request originates from the server, it is made from the server's network position and often with the server's own credentials, so it can reach hosts and services the attacker could never contact directly.

Why it matters

It can expose internal services, cloud instance metadata endpoints and the credentials they hand out, and admin interfaces that were never meant to be reachable from the internet. Because the forged request carries the server's network position and trust, a single SSRF often becomes the pivot point for lateral movement.

How to reduce risk

  • Allowlist outbound destinations (schemes, hosts and ports) and enforce the policy at the network edge as well as in application code
  • Validate user-supplied URLs after parsing and after DNS resolution: reject non-http(s) schemes and userinfo, and reject any host whose resolved addresses are loopback, link-local, or private. A denylist matched against the raw URL string is bypassed with alternate IP encodings (decimal, hex, IPv4-mapped IPv6), redirects and DNS rebinding
  • Disable automatic redirects in the HTTP client, or re-validate every redirect target before following it
  • Run metadata services and admin APIs on isolated networks, and where the cloud provider offers it, require its session-token metadata protocol (for example IMDSv2 on AWS) so a plain forged GET cannot read credentials

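As an added example, not code from this glossary or from any product it describes, the following Python compares the raw-string denylist that SSRF bypasses routinely with a check that parses the URL, enforces a scheme and host allowlist, resolves the host, and rejects any non-public address. The allowlist (`ALLOWED_HOSTS`), the fake DNS table (`FAKE_DNS`) and the sample URLs are constructed for illustration; the injectable `resolve` callback is an assumption so the example runs offline.

```python
"""Added example (not from the page): validating a server-side fetch target.
ALLOWED_HOSTS, FAKE_DNS and the sample URLs are constructed assumptions."""
from __future__ import annotations
import ipaddress
import socket
from typing import Callable, Iterable
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Hypothetical allowlist of hosts this application may fetch from.
ALLOWED_HOSTS = {"images.example.com"}


class SSRFBlocked(ValueError):
    """Raised when a fetch target fails policy."""


def naive_is_safe(url: str) -> bool:
    """Denylist on the raw string: the check SSRF payloads bypass routinely."""
    return not any(bad in url for bad in ("127.0.0.1", "169.254.169.254", "localhost"))


def is_public_ip(ip: str) -> bool:
    """True only for globally routable unicast addresses.

    ipaddress.is_global is False for loopback, link-local (which contains the
    cloud metadata address 169.254.169.254), RFC 1918, CGNAT, unspecified and
    the TEST-NET documentation ranges. IPv4-mapped IPv6 is unwrapped so that
    ::ffff:127.0.0.1 is judged as 127.0.0.1; multicast is rejected explicitly.
    """
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.is_global and not addr.is_multicast


def default_resolve(host: str) -> list[str]:
    """Resolve with the system resolver, i.e. the one the HTTP client uses."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def validate_target(url: str, resolve: Callable[[str], Iterable[str]] = default_resolve,
                    allowed_hosts: set[str] | None = ALLOWED_HOSTS) -> tuple[str, str, int]:
    """Return (host, pinned_ip, port) for an acceptable URL, else raise SSRFBlocked.

    allowed_hosts=None means "any host, provided every address it resolves to
    is public": the fallback for features that must fetch arbitrary URLs.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise SSRFBlocked(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise SSRFBlocked("userinfo in URL not allowed")  # http://allowed@evil/ trick
    host = (parts.hostname or "").rstrip(".")  # urlsplit already lowercases hostname
    if not host:
        raise SSRFBlocked("URL has no host")
    try:
        port = parts.port  # raises ValueError when out of range
    except ValueError as exc:
        raise SSRFBlocked(f"bad port: {exc}") from None
    if port is None:
        port = 443 if parts.scheme.lower() == "https" else 80
    if allowed_hosts is not None and host not in allowed_hosts:
        raise SSRFBlocked(f"host not in allowlist: {host!r}")
    ips = list(resolve(host))
    if not ips:
        raise SSRFBlocked(f"host did not resolve: {host!r}")
    # Every answer must be public: a mixed answer is how DNS rebinding slips through.
    for ip in ips:
        if not is_public_ip(ip):
            raise SSRFBlocked(f"{host!r} resolves to non-public address {ip}")
    return host, ips[0], port


def is_allowed(url: str, resolve=default_resolve, allowed_hosts=ALLOWED_HOSTS) -> bool:
    try:
        validate_target(url, resolve, allowed_hosts)
        return True
    except SSRFBlocked:
        return False


# Constructed DNS answers so the example runs offline. Public stand-ins are real
# public resolver addresses because ipaddress flags TEST-NET ranges as non-global.
FAKE_DNS = {
    "images.example.com": ["8.8.8.8"],
    "localhost": ["127.0.0.1", "::1"],
    "2130706433": ["127.0.0.1"],  # glibc inet_aton accepts decimal ...
    "0x7f000001": ["127.0.0.1"],  # ... and hex spellings of 127.0.0.1
    "metadata.internal.example": ["169.254.169.254"],
    "rebind.attacker.example": ["1.1.1.1", "10.0.0.5"],  # mixed public/private answer
}


def fake_resolve(host: str) -> list[str]:
    try:
        return [str(ipaddress.ip_address(host))]  # an IP literal resolves to itself
    except ValueError:
        return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    for u in ("http://images.example.com/a.png", "http://localhost/admin",
              "http://2130706433/", "http://[::ffff:127.0.0.1]/",
              "http://169.254.169.254/latest/meta-data/", "file:///etc/passwd"):
        print(f"{u:45} naive={naive_is_safe(u)!s:5} "
              f"checked={is_allowed(u, fake_resolve, allowed_hosts=None)}")
```

Two design points matter in practice. First, the check resolves the host with the same resolver the HTTP client will use and returns the address it approved; the caller should connect to that pinned address (keeping the original hostname for the Host header and TLS SNI) rather than letting the client resolve again, or a rebinding DNS answer can pass the check and then point the real connection at an internal host. Second, the client should not follow redirects on its own: each Location value must go back through the same validation, because an allowlisted public host that issues a redirect to an internal address is the most common way a correct first check is defeated.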
Related Terms: Cloud Misconfiguration, Exposed Admin Interface, Remote Code Execution

External Resources:

  • OWASP – SSRF: https://owasp.org/www-community/attacks/Server_Side_Request_Forgery