Server-Side Request Forgery: Hacking the OWASP Top 10

Get real-world training at Pentest.TV:
→ Fundamentals Course ($25/mo): https://pentest.tv/courses/pentest-fundamentals-course/
→ Professionals Course + Mentoring ($99/mo): https://pentest.tv/courses/pentest-professional-course/

In this video, we dive deep into server-side request forgery using WebGoat as the exploitable application. Learn how attackers can modify URL references within web requests to gain access to sensitive data or attack remote systems.

This vulnerability is identified on the OWASP Top 10 as: A10:2021 - Server-Side Request Forgery

The weaknesses identified during this test show that "flaws occur whenever a web application is fetching a remote resource without validating the user-supplied URL. It allows an attacker to coerce the application to send a crafted request to an unexpected destination, even when protected by a firewall, VPN, or another type of network access control list (ACL)."

Make sure to check out https://Pentest.TV for additional resources, including free ethical hacking courses. Happy Hacking!
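
As an added example (not from the video or from WebGoat), here is a minimal Python sketch of the "validating the user-supplied URL" step that the OWASP definition quoted above says is missing. The hostnames, addresses, allowlist and function names are all constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed sample data: hostnames, addresses and the allowlist are made up.
ALLOWED_HOSTS = {"images.example.com", "cdn.example.com"}
SAMPLE_DNS = {"images.example.com": ["93.184.216.34"],
              "cdn.example.com": ["10.0.0.5"]}  # record pointing at an internal host


def sample_resolver(host, port):
    """Offline stand-in for DNS so the example runs without a network."""
    return SAMPLE_DNS.get(host, [])


def system_resolver(host, port):
    """Resolve with the OS resolver; returns a sorted list of IP strings."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def check_fetch_url(url, allowed_hosts=ALLOWED_HOSTS, resolve=system_resolver):
    """Return (True, vetted_ip) or (False, reason) for a user-supplied URL."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "malformed URL"
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        return False, "scheme not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL"
    host = (parts.hostname or "").rstrip(".")
    if host not in allowed_hosts:
        return False, "host not on allowlist"
    try:
        addresses = resolve(host, port or (443 if scheme == "https" else 80))
    except OSError:
        addresses = []
    if not addresses:
        return False, "host did not resolve"
    for addr in addresses:
        # Rejects loopback, private, link-local and other non-routable ranges.
        if not ipaddress.ip_address(addr).is_global:
            return False, f"resolves to non-public address {addr}"
    # Connect to this exact IP (no second lookup) and do not follow redirects
    # without running each new URL through this check again.
    return True, addresses[0]
```

The allowlisted `cdn.example.com` entry is refused because its record resolves to a private address, which is the case a hostname allowlist alone would miss.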