Tag
cwe-918
Safeguard articles tagged "cwe-918" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Application Security
Preventing SSRF in Node.js applications
A single unvalidated URL in a fetch or axios call can let an attacker reach 169.254.169.254 and steal cloud credentials — as the 2019 Capital One breach showed.
Jul 7, 20266 min read
Security Guides
SSRF Prevention in Go: Blocking Metadata, Redirects, and DNS Rebinding
A single unvalidated URL passed to net/http can hand an attacker your cloud metadata credentials. Here's how SSRF actually works against Go services — and the DialContext-level defense that stops it.
Jul 2, 20265 min read
Vulnerability Guides
What is SSRF (Server-Side Request Forgery)?
Server-side request forgery tricks your own backend into making attacker-chosen requests — often against internal systems it should never reach. Here's how SSRF works and how to shut it down.
Jul 1, 20265 min read