OWASP Top 10 API Security Risks – 2023: API7:2023 – Server-Side Request Forgery (SSRF)
SSRF vulnerabilities occur when an API fetches a remote resource using a user-supplied Uniform Resource Identifier (URI) without adequate validation. This oversight allows attackers to manipulate the request, coercing the server to interact with unintended destinations. These attacks bypass traditional network controls like firewalls and VPNs, making them particularly insidious.
