Security Glossary
Definition
SSRF: What is Server-Side Request Forgery?
A vulnerability that allows an attacker to induce a server to make HTTP requests to arbitrary internal or external destinations on their behalf, bypassing network segmentation and firewall controls. SSRF is particularly dangerous in cloud environments where it can be leveraged to reach instance metadata services and retrieve temporary credentials for full account takeover. It is a common finding in applications that fetch remote URLs, process webhooks, or retrieve content from user-supplied addresses.
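The destination check a URL-fetching feature needs before it makes a request, as an added example that is not part of the original glossary entry. The function names, the sample host names and the constructed DNS table are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed sample data so the example runs offline (not real DNS records).
SAMPLE_DNS = {"cdn.example.com": ["93.184.216.34"],
              "intranet.example.com": ["10.0.0.5"]}

def sample_resolver(host):
    """Stand-in resolver: names missing from the table are treated as IP literals."""
    return SAMPLE_DNS.get(host, [host])

def resolve(host):
    """Return every address the host resolves to, using the system resolver."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]

def is_internal(ip_text):
    """True for addresses a public-facing fetcher should never reach."""
    try:
        ip = ipaddress.ip_address(ip_text.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return True  # fail closed on anything that is not a valid address
    if ip.version == 6 and ip.ipv4_mapped:  # e.g. ::ffff:127.0.0.1
        ip = ip.ipv4_mapped
    # is_global is False for loopback, RFC 1918 and link-local ranges; link-local
    # includes 169.254.169.254, the metadata address used by major clouds.
    return not ip.is_global

def check_fetch_url(url, resolver=resolve):
    """Return (allowed, reason) for a user-supplied URL before the server fetches it."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if not parts.hostname:
        return False, "no host"
    try:
        addresses = resolver(parts.hostname)
    except OSError:
        return False, "host does not resolve"
    if not addresses:
        return False, "host does not resolve"
    for addr in addresses:  # every resolved address must be public
        if is_internal(addr):
            return False, f"resolves to internal address {addr}"
    return True, "ok"
```

The check only holds if the fetcher then connects to the address that was validated rather than resolving the name a second time, and if every redirect target goes through the same check.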