SSRF: The New Threat For Business-Critical Applications presented at RSAChina 2012

by Alexander Mikhailovich Polyakov

Summary: Most business applications, such as SAP, are protected from attackers by firewalls, DMZs and internal ACLs, so an attacker has to bypass many lines of defense to reach the core of the business. With the help of a new attack vector, SSRF, and one of its implementations, XXE Tunneling, it is possible to bypass these restrictions by sending exploits from a trusted source.