From the course: Complete Guide to Cybersecurity: A Practical Approach
Join today to access over 24,400 courses taught by industry experts.
Understanding server-side request forgery (SSRF) vulnerabilities
From the course: Complete Guide to Cybersecurity: A Practical Approach
Understanding server-side request forgery (SSRF) vulnerabilities
“
- Let's go over server-side request forgery. This is one of the most common vulnerabilities nowadays in web applications. Basically, these type of vulnerabilities will enable an attacker to manipulate a server-side application to send requests to unintended destinations. Basically, the attacker can exploit this to make the server establish connections with either internal services that are restricted to the organization's infrastructure and then being able to reveal sensitive information or to external systems potentially resulting in the exposure of sensitive data like authorization, credentials, and so on. This is an example on how an attacker can initiate a server-side request forgery attack to the vulnerable application and then basically the application is unaware of the attack and executes requests on behalf of the attacker. This request can be directed towards internal services or external services as well as I mentioned to you earlier. One of the best resources out there to…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Watch this course anytime, anywhere.
Get started with a free trial today.
Contents
-
-
Module 1: Cybersecurity fundamentals introduction56s
-
Learning objectives48s
-
Understanding the security concepts of information assurance9m 4s
-
Understanding the risk management process12m 50s
-
Understanding security controls2m 37s
-
Understanding governance processes6m 36s
-
Building your cybersecurity lab4m 59s
-
-
-
(Locked)
Learning objectives30s
-
(Locked)
Understanding physical access controls4m 42s
-
(Locked)
Exploring the principle of least privilege3m 6s
-
(Locked)
Understanding the concept of segregation of duties2m 13s
-
(Locked)
Introducing discretionary access control (DAC)5m 7s
-
(Locked)
Understanding mandatory access control (MAC)6m 9s
-
(Locked)
Understanding role-based access control (RBAC)1m 38s
-
(Locked)
-
-
(Locked)
Learning objectives40s
-
(Locked)
Software defined networking security4m 14s
-
(Locked)
Understanding the threats against SDN solutions2m 21s
-
(Locked)
Introducing network programmability8m 25s
-
(Locked)
Introducing SD-WAN and modern architectures3m 21s
-
(Locked)
Surveying the OWASP Top 103m 40s
-
(Locked)
-
-
(Locked)
Learning objectives45s
-
(Locked)
Introducing cryptography and cryptanalysis2m 52s
-
(Locked)
Understanding encryption protocols9m 54s
-
(Locked)
Describing hashing algorithms2m 50s
-
(Locked)
Introducing public key infrastructure (PKI)1m 37s
-
(Locked)
Introducing certificate authorities (CAs) and certificate enrollment8m 11s
-
(Locked)
Surveying SSL and TLS implementations5m 54s
-
(Locked)
Surveying IPsec implementations and modern VPN implementations5m 42s
-
(Locked)
-
-
(Locked)
Module 2: Incident response, digital forensics, and threat hunting introduction39s
-
(Locked)
Learning objectives54s
-
(Locked)
Exploring how to get started in incident response6m 6s
-
(Locked)
Understanding the incident response process5m 46s
-
(Locked)
Defining playbooks and run book automation (RBA)10m 29s
-
(Locked)
Understanding cyber threat intelligence (CTI)10m 23s
-
(Locked)
Understanding data normalization3m 1s
-
(Locked)
Deconstructing universal data formats and 5-tuple correlation1m 19s
-
(Locked)
Understanding security monitoring fundamentals6m 32s
-
(Locked)
Surveying security monitoring tools13m 33s
-
(Locked)
-
-
(Locked)
Learning objectives40s
-
(Locked)
Introducing digital forensics9m 10s
-
(Locked)
Introducing reverse engineering6m 30s
-
(Locked)
Understanding evidence preservation and chain of custody8m 9s
-
(Locked)
Collecting evidence from endpoints and servers6m 7s
-
(Locked)
Collecting evidence from mobile and IoT devices5m 2s
-
(Locked)
Exploring memory analysis with Volatility7m 56s
-
(Locked)
-
-
(Locked)
Module 3: Ethical hacking, penetration testing, and bug hunting introduction41s
-
(Locked)
Learning objectives47s
-
(Locked)
How to start a career in ethical hacking5m 7s
-
(Locked)
Understanding the difference between traditional pen testing, bug bounties, and red team assessments6m 45s
-
(Locked)
Exploring bug bounty programs9m 34s
-
(Locked)
Understanding the ethical hacking and bug hunting methodology11m 39s
-
(Locked)
Planning and scoping a penetration testing assessment5m 9s
-
(Locked)
-
-
(Locked)
Learning objectives1m 14s
-
(Locked)
Understanding information gathering and vulnerability identification2m 27s
-
(Locked)
Introducing open source intelligence (OSINT) techniques14m 39s
-
(Locked)
Performing DNS-based passive recon9m 2s
-
(Locked)
Identifying cloud vs. self-hosted assets7m 13s
-
(Locked)
Introducing Shodan, Maltego, AMass, Recon-NG, and other recon tools17m 34s
-
(Locked)
Surveying password dumps, file metadata, and public source-code repositories10m 53s
-
(Locked)
Introduction to Google hacking and search engine reconnaissance5m 26s
-
(Locked)
-
-
(Locked)
Learning objectives44s
-
(Locked)
Introduction to host and service enumeration6m 35s
-
(Locked)
Mastering Nmap24m 34s
-
(Locked)
Performing website and web application reconnaissance10m 22s
-
(Locked)
Discovering cloud assets7m 2s
-
(Locked)
Crafting packets with Scapy to perform reconnaissance5m 48s
-
(Locked)
-
-
(Locked)
Learning objectives53s
-
(Locked)
Performing on-path attacks5m 43s
-
(Locked)
Exploring the OWASP Top 10 risks in web applications6m 17s
-
(Locked)
Exploiting cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities16m 47s
-
(Locked)
Understanding server-side request forgery (SSRF) vulnerabilities10m 6s
-
(Locked)
Hacking databases23m 2s
-
(Locked)
Exploiting wireless vulnerabilities16m 54s
-
(Locked)
Exploiting buffer overflows and creating payloads24m 4s
-
(Locked)
-
-
(Locked)
Learning objectives1m 4s
-
(Locked)
Avoiding detection and evading security tools4m 26s
-
(Locked)
Introduction to lateral movement and exfiltration3m 32s
-
(Locked)
Exploring command and control (C2) techniques7m 54s
-
(Locked)
Understanding living-off-the-land and fileless malware4m 52s
-
(Locked)
Best practices when creating pen testing and bug bounty reports11m 24s
-
(Locked)
Understanding post-engagement cleanup4m 22s
-
(Locked)
-
-
(Locked)
Module 4: Cloud, DevOps, and IoT security introduction40s
-
(Locked)
Learning objectives34s
-
(Locked)
Introducing the different cloud deployment and service models4m 32s
-
(Locked)
Surveying patch management in the cloud13m 54s
-
(Locked)
Performing security assessments in cloud environments5m 58s
-
(Locked)
Exploring cloud logging and monitoring methodologies4m 10s
-
(Locked)
-
-
(Locked)
Module 5: AI security, ethics, and privacy: Balancing innovation with protection introduction33s
-
(Locked)
Learning objectives47s
-
(Locked)
Surveying the AI landscape and use cases6m 25s
-
(Locked)
Exploring LLMs, ChatGPT, Co-pilot and more7m 16s
-
(Locked)
Understanding the importance of AI security8m 53s
-
(Locked)
Exploring the OWASP Top 10 for LLMs11m 20s
-
(Locked)
-
-
(Locked)
Learning objectives52s
-
(Locked)
Exploring the secure AI development lifecycle8m 11s
-
(Locked)
Understanding privacy-preserving AI techniques5m 53s
-
(Locked)
Understanding robustness and resilience in AI models2m 2s
-
(Locked)
Surveying AI security best practices4m 23s
-
(Locked)
Exploring AI security tools and frameworks4m 51s
-
(Locked)
Understanding the legal landscape and potential new regulations4m 47s
-
(Locked)
Investigating ethical implications of artificial intelligence5m 6s
-
(Locked)