The latest articles on DEV Community by sanjanashetty16 (@sanjanashetty16). https://dev.to/sanjanashetty16 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F503829%2F2e54295d-fdf5-4694-bc84-c8e763ce1947.jpg https://dev.to/sanjanashetty16 en sanjanashetty16 Thu, 17 Dec 2020 11:28:06 +0000 https://dev.to/sanjanashetty16/server-side-request-forgery-attack-50ho https://dev.to/sanjanashetty16/server-side-request-forgery-attack-50ho <p><strong>What is a Server Side Request Forgery attack?</strong></p> <p>Server-Side Request Forgery, also known as SSRF refers to an attack that lets an attacker send crafted requests from the back-end server of a vulnerable web application.<br> SSRF is commonly used by attackers to target internal networks that are behind firewalls and can not be reached from the external network.</p> <p>If the user-supplied URL is processed and the back-end response is not sanitized then the attack can lead to several impacts.</p> <p><strong>How is an SSRF Vulnerability Exploited?</strong></p> <p>There are 2 ways by which an SSRF vulnerability is usually exploited:</p> <ol> <li><p>Trying to access or load sensitive content from the server. This test is for local and remote file inclusion.</p></li> <li><p>Trying to access a trust relationship that often emerges when the application server connects with back-end systems that have private IP addresses that are not routable and mostly limited to public users.</p></li> </ol> <p><em>A more detailed version along with the impact and how you can prevent the SSRF attack is published at <a href="https://beaglesecurity.com/blog/article/server-side-request-forgery-attack.html">https://beaglesecurity.com/blog/article/server-side-request-forgery-attack.html</a></em></p> security testing wordpress webdev sanjanashetty16 Sun, 01 Nov 2020 16:57:43 +0000 https://dev.to/sanjanashetty16/docker-container-security-attacking-docker-vulnerabilities-4f9h https://dev.to/sanjanashetty16/docker-container-security-attacking-docker-vulnerabilities-4f9h <p>Docker is one of the most widely used container-based technologies. It is a tool that helps to create, deploy, and run applications by using containers.</p> <p>Containers make it easy for the developers to build the application with all its dependencies and libraries and ship it out as one package. But with new technologies come new vulnerabilities.</p> <p>Below are the few attacks related to docker, its vulnerabilities, and mitigations explained. </p> <ol> <li>Privilege Escalation in a host using docker</li> <li>Dangling volumes</li> <li>Exploiting Docker Private Registry</li> <li>Accessing Docker Secrets In Environment Variables</li> <li>Exploiting Docker Daemon API</li> <li>Container Escape Using Privileged Flag</li> </ol> <p>A more detailed version along with how you can avoid these vulnerabilities is published at <a href="https://beaglesecurity.com/blog/article/docker-container-security.html">https://beaglesecurity.com/blog/article/docker-container-security.html</a></p> docker informationsecurity dockervulnerabilites