API7:2023 — Server Side Request Forgery | Precogs Vulnerability Hub

Q: How does SSRF affect APIs?

API7:2023 covers SSRF via webhooks, URL imports, and integrations. APIs fetching user-provided URLs can be tricked into accessing cloud metadata for credential theft.

How does SSRF affect APIs?

SSRF in the context of APIs — webhook URLs, file import from URL, custom integrations, and URL preview features that fetch user-provided URLs without validation, accessing internal services or cloud metadata.

Impact

APIs with webhook or URL-fetch features are prime SSRF targets. Cloud metadata exploitation (AWS IMDSv1) can yield IAM credentials and full account compromise.

How Precogs AI Addresses API7

Precogs AI detects SSRF in API webhook handlers, URL import features, and integration callbacks, testing for internal network and cloud metadata access during Binary DAST.

Scan for API7 Risks

Related CWEs

CWE-918 — View in Precogs Hub

API7:2023 — Server Side Request Forgery

How does SSRF affect APIs?

Impact

How Precogs AI Addresses API7

Related CWEs

Risk Overview

Quick Links

Protect Against API7

How does SSRF affect APIs?

Impact

How Precogs AI Addresses API7

Related CWEs

Related Resources

🔍 Related CWE Entries

🛡️ Notable Vulnerabilities

🔗 External References

Risk Overview

Quick Links

Protect Against API7