BiteSizedChunks.comLearn one small thing at a time.

Course contentsShow

Security

846What is Cross-Site Request Forgery (CSRF)
847CSRF Attack Anatomy and Prerequisites
848GET vs POST CSRF Attacks
849CSRF Attack Vectors and Delivery Methods
850CSRF Impact and Real-World Examples
851Why Cookie-Based Authentication is Vulnerable
852CSRF vs XSS: Key Differences
853Testing for CSRF Vulnerabilities
854CSRF in Modern Applications and SPAs
855Same-Origin Policy Fundamentals
856Origin Definition and Comparison
857SOP Impact on JavaScript and DOM Access
858SOP Exceptions and Relaxations
859CORS Basics and Preflight Requests
860CORS Request and Response Headers
861CORS Wildcards and Credential Handling
862CORS Misconfiguration Vulnerabilities
863Exploiting CORS Misconfigurations
864CORS Security Best Practices
865Synchronizer Token Pattern
866Double Submit Cookie Pattern
867SameSite Cookie Attribute
868Custom Request Headers
869Origin and Referer Validation
870Framework-Specific CSRF Protection
871Token Rotation and Lifecycle
872CSRF Protection for AJAX and SPAs
873Defense-in-Depth CSRF Strategy
874CORS Fundamentals and Same-Origin Policy Relaxation
875CORS Request Types: Simple vs Preflight
876Access-Control-Allow-Origin Misconfigurations
877Credentials and CORS: Access-Control-Allow-Credentials
878Exploiting Origin Reflection Vulnerabilities
879Subdomain and Partial Origin Validation Bypasses
880Pre-Domain Wildcard and Null Origin Attacks
881CORS Security Best Practices and Defense
882SSRF Fundamentals and Attack Surface
883SSRF Impact and Attack Scenarios
884Basic SSRF Exploitation Techniques
885Cloud Metadata Service Attacks
886Internal Network Enumeration via SSRF
887Protocol Smuggling and Scheme Exploitation
888Blind SSRF Detection and Exploitation
889SSRF Filter Bypass Techniques
890DNS Rebinding Attacks
891SSRF in Modern Architectures
892SSRF Prevention Strategies
893Testing for SSRF Vulnerabilities
894URL and Input Validation for SSRF Prevention
895Network-Level SSRF Defenses
896Preventing Internal Network Access
897DNS Rebinding and TOCTOU Protections
898Response Handling and Information Disclosure
899Authentication and Authorization for Outbound Requests
900Monitoring and Detection of SSRF Attempts

Security

846What is Cross-Site Request Forgery (CSRF)
847CSRF Attack Anatomy and Prerequisites
848GET vs POST CSRF Attacks
849CSRF Attack Vectors and Delivery Methods
850CSRF Impact and Real-World Examples
851Why Cookie-Based Authentication is Vulnerable
852CSRF vs XSS: Key Differences
853Testing for CSRF Vulnerabilities
854CSRF in Modern Applications and SPAs
855Same-Origin Policy Fundamentals
856Origin Definition and Comparison
857SOP Impact on JavaScript and DOM Access
858SOP Exceptions and Relaxations
859CORS Basics and Preflight Requests
860CORS Request and Response Headers
861CORS Wildcards and Credential Handling
862CORS Misconfiguration Vulnerabilities
863Exploiting CORS Misconfigurations
864CORS Security Best Practices
865Synchronizer Token Pattern
866Double Submit Cookie Pattern
867SameSite Cookie Attribute
868Custom Request Headers
869Origin and Referer Validation
870Framework-Specific CSRF Protection
871Token Rotation and Lifecycle
872CSRF Protection for AJAX and SPAs
873Defense-in-Depth CSRF Strategy
874CORS Fundamentals and Same-Origin Policy Relaxation
875CORS Request Types: Simple vs Preflight
876Access-Control-Allow-Origin Misconfigurations
877Credentials and CORS: Access-Control-Allow-Credentials
878Exploiting Origin Reflection Vulnerabilities
879Subdomain and Partial Origin Validation Bypasses
880Pre-Domain Wildcard and Null Origin Attacks
881CORS Security Best Practices and Defense
882SSRF Fundamentals and Attack Surface
883SSRF Impact and Attack Scenarios
884Basic SSRF Exploitation Techniques
885Cloud Metadata Service Attacks
886Internal Network Enumeration via SSRF
887Protocol Smuggling and Scheme Exploitation
888Blind SSRF Detection and Exploitation
889SSRF Filter Bypass Techniques
890DNS Rebinding Attacks
891SSRF in Modern Architectures
892SSRF Prevention Strategies
893Testing for SSRF Vulnerabilities
894URL and Input Validation for SSRF Prevention
895Network-Level SSRF Defenses
896Preventing Internal Network Access
897DNS Rebinding and TOCTOU Protections
898Response Handling and Information Disclosure
899Authentication and Authorization for Outbound Requests
900Monitoring and Detection of SSRF Attempts

← Security

Lesson 888 of 3,052·18. Web Security - CSRF and Request ForgeryPro lesson

Blind SSRF Detection and Exploitation

Identifying SSRF when no response is returned using DNS exfiltration, timing attacks, and out-of-band techniques.

This lesson is for subscribers

You've completed the free preview. Subscribe to unlock every lesson in every course.

See pricing Back to course