Defending TypeScript Applications Against SSRF

This lab introduces Server-side Request Forgery (SSRF) vulnerabilities, which occur when an attacker can manipulate the destination of web requests issued by an application. An attacker who can do so can access internal network resources or local filesystem objects, or invoke functionality exposed by web APIs, such as cloud server metadata APIs, database HTTP interfaces, and web APIs exposed by other parts of the application or by other applications. SSRF impact includes extracting authentication credentials from cloud server metadata interfaces and sensitive application data from NoSQL databases. The solution to this issue is to restrict the destinations of the requests to only valid external services or to calculate the destinations of requests without including user input. This Skill Lab offers a virtual environment that contains a vulnerable application and its source code for training developers to identify and remediate SSRF vulnerabilities.

Provider Information

Contact Information

187 Ballardvale Street, Suite A195
Wilmington, MA 01887

Course Overview

Overall Proficiency Level: 3 - Advanced
Course Catalog Number: LAB 314
Training Purpose: Skill Development
Specific Audience: All
Delivery Method: Online, Self-Paced

Learning Objectives

In this Defending TypeScript Skill Lab, learners can gain hands-on experience testing for SSRF vulnerabilities and implementing suitable mitigations. The possible mitigations include restricting the destinations to which the application can send requests to valid external services, calculating the destinations without including user input, or avoiding sending requests to external services when unnecessary.

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Feedback

If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.

Last Published Date:
