SSRF
Apache OFBiz Arbitrary File Reading and Remote Code Execution Vulnerabilities (CVE-2023-50968/CVE-2023-51467) Alert
Overview: Recently, NSFOCUS CERT detected that Apache officially released a security announcement and fixed two high-risk vulnerabilities in Apache OFBiz. CVE-2023-50968: Due to problems in Apache Software Foundation, unauthorized attackers can read ...
Penetration Testing for Server-Side Request Forgery (SSRF) in E-commerce Platforms
E-commerce platforms are highly vulnerable to various security threats, and one of the most critical vulnerabilities is Server-Side Request Forgery (SSRF). SSRF is an attack technique that enables an attacker to make ...
Salt Security Details FinTech Firm’s API Security Breach
Salt Security today revealed that its researchers discovered a server-side request forgery (SSRF) flaw in an application programming interface (API) used by an undisclosed U.S.-based financial services firm that serves hundreds of ...
CWE-918
Server-Side Request Forgery (SSRF): Server-side request forgeries (SSRF) occur when the web application sends a request to the web server, and the web server retrieves the requested content. However, the web server ...
Understanding and Preventing S3 Leaks
Amazon Simple Storage Service, or S3, is a popular service that many developers today rely on to quickly build applications. Over time, S3 has become a popular target for attackers, resulting in ...
What We Can Learn from the Capital One Hack
On Monday, a former Amazon employee was arrested and charged with stealing more than 100 million consumer applications for credit from Capital One. Since then, many have speculated the breach was perhaps ...