How to prevent Server Side Request Forgery

The application must determine what input data is allowed and check it before starting work. In this case, you need to check the URL against two criteria:

  • A valid URI scheme, for example http://
  • The resolved list of website addresses, which means that you need to verify that the IP address is public
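The two checks above as an added Python example (not code from the course). The names `check_url`, `is_public_ip` and `resolve_host`, and the choice of `http`/`https` as the allowed schemes, are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: only web schemes are needed

def resolve_host(host, port):
    """Return every IP address the system resolver gives for host."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]

def is_public_ip(addr):
    """True only for globally routable addresses."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop an IPv6 zone id
    # Judge an IPv4-mapped IPv6 address (::ffff:127.0.0.1) by its IPv4 part.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global  # False for loopback, private, link-local, reserved

def check_url(url, resolver=resolve_host):
    """Return the resolved public IPs for url, or raise ValueError."""
    parts = urlsplit(url)
    # Criterion 1: the URI scheme must be on the allowlist.
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("URL has no host")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    try:
        addrs = resolver(parts.hostname, port)
    except OSError as exc:
        raise ValueError(f"cannot resolve host: {exc}") from exc
    if not addrs:
        raise ValueError("host resolved to no addresses")
    # Criterion 2: every resolved address must be public, not just the first.
    for addr in addrs:
        if not is_public_ip(addr):
            raise ValueError(f"non-public address: {addr}")
    return addrs
```

Make the outgoing request to one of the returned addresses rather than resolving the host name a second time, so the address that was checked is the address that is contacted.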

This is part of the Web-security course.
