API7:2023 — Server Side Request Forgery

Q: How does SSRF affect APIs?

API7:2023 covers SSRF via webhooks, URL imports, and integrations. APIs fetching user-provided URLs can be tricked into accessing cloud metadata for credential theft.

Verified by Precogs Threat Research

OWASP API 2023Rank #7

How does SSRF affect APIs?

SSRF in the context of APIs — webhook URLs, file import from URL, custom integrations, and URL preview features that fetch user-provided URLs without validation, accessing internal services or cloud metadata.

Impact

APIs with webhook or URL-fetch features are prime SSRF targets. Cloud metadata exploitation (AWS IMDSv1) can yield IAM credentials and full account compromise.

Related CWEs

CWE-918 — View in Precogs Hub

How Precogs AI Addresses API7

Precogs AI detects SSRF in API webhook handlers, URL import features, and integration callbacks, testing for internal network and cloud metadata access during Binary DAST.

Scan for API7 Risks Book a demo

API7:2023 — Server Side Request Forgery

How does SSRF affect APIs?

Impact

Related CWEs

Risk Overview

Quick Links

Protect Against API7

How Precogs AI Addresses API7

API7:2023 — Server Side Request Forgery

How does SSRF affect APIs?

Impact

Related CWEs

Related Resources

🔍 Related CWE Entries

🛡️ Notable Vulnerabilities

🔗 External References

Risk Overview

Quick Links

Protect Against API7

How Precogs AI Addresses API7