How to prevent SSRF Attacks in Node.js

May 27, 2024

Use Snyk for free to find and fix security issues in your applications today! https://snyk.co/ugLYn

In today's video, we will be diving deep into keeping your Node.js applications secure from server-side request forgery (SSRF). What are your experiences with SSRF? Let us know in the comments below!

Read more about preventing SSRF in Node.js in our related blog post: https://snyk.co/ugYuZ

⏲️ Chapters ⏲️

00:00 - Intro
00:18 - What is SSRF?
01:08 - Basic Request Example
02:08 - Basic SSRF Attack Example
03:15 - Blind SSRF Attack Example
04:04 - How to Prevent SSRF Attacks
04:11 - Validating and Sanitizing User Input
06:14 - Enforcing URL Schemas
06:55 - Using an Allowlist in your Application
07:57 - Using a Firewall
08:31 - Keep Dependencies Updated with Snyk
09:13 - Summary
09:30 - Outro

⚒️ About Snyk ⚒️

Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure.

Learn more about Snyk: https://snyk.co/ugLYl

📱 Connect with Us 📱

🖥️ Website: https://snyk.co/ugLYl
🐦 X: http://twitter.com/snyksec
💼 LinkedIn: https://www.linkedin.com/company/snyk
💬 Discord: https://discord.gg/devsecops-community-918181751526948884

🔗 Hashtags 🔗

#DevSecOps #ssrf #datasecurity #github #snyk #cyberattack