How to prevent SSRF Attacks in Node.js
Use Snyk for free to find and fix security issues in your applications today! https://snyk.co/ugLYn
In today's video, we will be diving deep into keeping your Node.js applications secure from server-side request forgery (SSRF). What are your experiences with SSRF? Let us know in the comments below!
Read more about preventing SSRF in Node.js in our related blog post: https://snyk.co/ugYuZ
✍️ Resources ✍️
- Example Repository: https://github.com/snyk-snippets/ssrf-in-nodejs
- Rest Client VS Code Extension: https://marketplace.visualstudio.com/items
- Zod: https://snyk.co/ugZaR
- is-url vulnerable package version example: https://snyk.co/ugZaY
⏲️ Chapters ⏲️
00:00 - Intro
00:18 - What is SSRF?
01:08 - Basic Request Example
02:08 - Basic SSRF Attack Example
03:15 - Blind SSRF Attack Example
04:04 - How to Prevent SSRF Attacks
04:11 - Validating and Sanitizing User Input
06:14 - Enforcing URL Schemas
06:55 - Using an Allowlist in your Application
07:57 - Using a Firewall
08:31 - Keep Dependencies Updated with Snyk
09:13 - Summary
09:30 - Outro
⚒️ About Snyk ⚒️
Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure.
Learn more about Snyk: https://snyk.co/ugLYl
📱 Connect with Us 📱
🖥️ Website: https://snyk.co/ugLYl
🐦 X: http://twitter.com/snyksec
💼 LinkedIn: https://www.linkedin.com/company/snyk
💬 Discord: https://discord.gg/devsecops-community-918181751526948884
- Subscribe: https://www.youtube.com/c/SnykSec
- 🔥 We're hiring! Check our open roles: https://snyk.co/ugLYp