Abstract

In today's web, it is not uncommon for web applications to take a complete URL as input from users. Usually, once the web application receives a URL, the server opens a connection to it. However, if the URL points to an internal service and the server still makes the connection, the server becomes vulnerable to Server-Side Request Forgery (SSRF) attacks. These attacks can be highly destructive when they exploit internal services. They are equally destructive and need much less effort to succeed if the server is hosted in a cloud environment. Therefore, with the growing use of cloud computing, the threat of SSRF attacks is becoming more serious.