Server-Side Request Forgery (SSRF)
Server-Side Request Forgery (SSRF) is a type of computer security vulnerability. Basically, it’s when a bad guy can trick a server into making requests to websites or services that it shouldn’t be talking to.
Here’s an example: let’s say a server has a feature where users can input the URL of an image they want to use on their profile. The server then fetches that URL itself. If the server doesn’t properly check that the URL is actually an image, a bad guy could enter a URL that makes the server send a request to a different website or service and get sensitive information, like passwords, from it.
It’s called “server-side” because the attack happens on the server, not on the client side (like your computer or phone).
To prevent SSRF attacks, it’s important for servers to properly validate any input that users can give, and to only allow requests to pre-approved websites or services.