[1] OWASP A10 Server-Side Request Forgery (SSRF) OWASP Top 10:2021
[2] Alexander Polyakov SSRF vs. Business critical applications BlackHat 2012
[3] SSRF bible. Cheatsheet ONSec Labs
[4] Standards Mapping - Common Weakness Enumeration
    CWE ID 918
[5] Standards Mapping - Common Weakness Enumeration Top 25 2021
    [24] CWE ID 918
[6] Standards Mapping - Common Weakness Enumeration Top 25 2022
    [21] CWE ID 918
[7] Standards Mapping - Common Weakness Enumeration Top 25 2023
    [19] CWE ID 918
[8] Standards Mapping - DISA Control Correlation Identifier Version 2
    CCI-002754
[9] Standards Mapping - FIPS200
    SI
[10] Standards Mapping - General Data Protection Regulation (GDPR)
    Access Violation
[11] Standards Mapping - NIST Special Publication 800-53 Revision 4
    SI-10 Information Input Validation (P1)
[12] Standards Mapping - NIST Special Publication 800-53 Revision 5
    SI-10 Information Input Validation
[13] Standards Mapping - OWASP API 2023
    API7 Server Side Request Forgery
[14] Standards Mapping - OWASP Application Security Verification Standard 4.0
    5.2.6 Sanitization and Sandboxing Requirements (L1 L2 L3), 12.6.1 SSRF Protection Requirements (L1 L2 L3), 13.1.1 Generic Web Service Security Verification Requirements (L1 L2 L3)
[15] Standards Mapping - OWASP Mobile 2014
    M5 Poor Authorization and Authentication
[16] Standards Mapping - OWASP Mobile 2024
    M4 Insufficient Input/Output Validation
[17] Standards Mapping - OWASP Top 10 2004
    A1 Unvalidated Input
[18] Standards Mapping - OWASP Top 10 2007
    A4 Insecure Direct Object Reference
[19] Standards Mapping - OWASP Top 10 2010
    A4 Insecure Direct Object References
[20] Standards Mapping - OWASP Top 10 2013
    A4 Insecure Direct Object References
[21] Standards Mapping - OWASP Top 10 2017
    A5 Broken Access Control
[22] Standards Mapping - OWASP Top 10 2021
    A10 Server-Side Request Forgery
[23] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1
    Requirement 6.5.1
[24] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2
    Requirement 6.3.1.1, Requirement 6.5.4
[25] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0
    Requirement 6.5.8
[26] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0
    Requirement 6.5.8
[27] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1
    Requirement 6.5.8
[28] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2
    Requirement 6.5.8
[29] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1
    Requirement 6.5.8
[30] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0
    Requirement 6.2.4
[31] Standards Mapping - Payment Card Industry Software Security Framework 1.0
    Control Objective 4.2 - Critical Asset Protection, Control Objective 5.4 - Authentication and Access Control
[32] Standards Mapping - Payment Card Industry Software Security Framework 1.1
    Control Objective 4.2 - Critical Asset Protection, Control Objective 5.4 - Authentication and Access Control, Control Objective B.3.1 - Terminal Software Attack Mitigation, Control Objective B.3.1.1 - Terminal Software Attack Mitigation
[33] Standards Mapping - Payment Card Industry Software Security Framework 1.2
    Control Objective 4.2 - Critical Asset Protection, Control Objective 5.4 - Authentication and Access Control, Control Objective B.3.1 - Terminal Software Attack Mitigation, Control Objective B.3.1.1 - Terminal Software Attack Mitigation, Control Objective C.2.3 - Web Software Access Controls, Control Objective C.3.2 - Web Software Attack Mitigation
[34] Standards Mapping - Security Technical Implementation Guide Version 3.1
    APP3510 CAT I, APP3600 CAT II
[35] Standards Mapping - Security Technical Implementation Guide Version 3.4
    APP3510 CAT I, APP3600 CAT II
[36] Standards Mapping - Security Technical Implementation Guide Version 3.5
    APP3510 CAT I, APP3600 CAT II
[37] Standards Mapping - Security Technical Implementation Guide Version 3.6
    APP3510 CAT I, APP3600 CAT II
[38] Standards Mapping - Security Technical Implementation Guide Version 3.7
    APP3510 CAT I, APP3600 CAT II
[39] Standards Mapping - Security Technical Implementation Guide Version 3.9
    APP3510 CAT I, APP3600 CAT II
[40] Standards Mapping - Security Technical Implementation Guide Version 3.10
    APP3510 CAT I, APP3600 CAT II
[41] Standards Mapping - Security Technical Implementation Guide Version 4.2
    APSC-DV-002560 CAT I
[42] Standards Mapping - Security Technical Implementation Guide Version 4.3
    APSC-DV-002560 CAT I
[43] Standards Mapping - Security Technical Implementation Guide Version 4.4
    APSC-DV-002560 CAT I
[44] Standards Mapping - Security Technical Implementation Guide Version 4.5
    APSC-DV-002560 CAT I
[45] Standards Mapping - Security Technical Implementation Guide Version 4.6
    APSC-DV-002560 CAT I
[46] Standards Mapping - Security Technical Implementation Guide Version 4.7
    APSC-DV-002560 CAT I
[47] Standards Mapping - Security Technical Implementation Guide Version 4.8
    APSC-DV-002560 CAT I
[48] Standards Mapping - Security Technical Implementation Guide Version 4.9
    APSC-DV-002560 CAT I
[49] Standards Mapping - Security Technical Implementation Guide Version 4.10
    APSC-DV-002560 CAT I
[50] Standards Mapping - Security Technical Implementation Guide Version 4.11
    APSC-DV-002560 CAT I
[51] Standards Mapping - Security Technical Implementation Guide Version 4.1
    APSC-DV-002560 CAT I
[52] Standards Mapping - Security Technical Implementation Guide Version 5.1
    APSC-DV-002560 CAT I
[53] Standards Mapping - Security Technical Implementation Guide Version 5.2
    APSC-DV-002560 CAT I
[54] Standards Mapping - Security Technical Implementation Guide Version 5.3
    APSC-DV-002530 CAT II, APSC-DV-002560 CAT I
[55] Standards Mapping - Web Application Security Consortium Version 2.00
    Abuse of Functionality (WASC-42)