Server-side request forgery (SSRF) attack is a type of exploit that can be used to manipulate the input parameters of an application that interacts with external systems.
- An attacker can inject a special URL to force an application to access an internal resource that is not intended to be exposed.
- This is a threat not only for traditional web applications but also for cloud resources like AWS Lambda.
- The article provides an example of an SSRF attack on AWS Lambda that allows an attacker to gain administrator access.
- To prevent such attacks, it is recommended to validate every input, follow the least privilege principle in AWS IAM roles, add authentication and authorization to public API endpoints, and blacklist unused URL schemas.
