Hey John... I would just like to comment "Awesome". Jokes apart.... They are really great videos... I Have been through all the videos of OWASP Top 10 and they are really informational and most importantly... all are in layman terms which makes it quite understandable for the noob like us in the fields of Cybersecurity.
Another great video; it gives a good idea of the concept of SSRF and some ideas for mitigating risks. However, I think that the example is a bit contrived; it would be a great example for the insecure design video. The app should not expect a URL for the stock API, it should expect a product ID then obtain the stock API URL from its own data store.
Great video series! Straight to the point by explaining the topic, giving an example, and how to prevent it.
Glad you liked them and we appreciate the nice comment!
Thanks for all the videos!
Glad you liked them and we appreciate the comments!!
Hey John... I would just like to comment "Awesome".
Jokes apart.... They are really great videos... I Have been through all the videos of OWASP Top 10 and they are really informational and most importantly... all are in layman terms which makes it quite understandable for the noob like us in the fields of Cybersecurity.
Thanks and we really appreciate the comment! Glad you enjoyed the series!!
Another great video; it gives a good idea of the concept of SSRF and some ideas for mitigating risks. However, I think that the example is a bit contrived; it would be a great example for the insecure design video. The app should not expect a URL for the stock API, it should expect a product ID then obtain the stock API URL from its own data store.
thanks for the comment!
In what real world scenario would an api accept the url it should fetch? And if it did, isn’t that just another form of injection?
Thanks for the video series😇
You are welcome, glad you enjoyed it and thanks for the comment!!
Great speaker
Thanks! We appreciate the comment!
At first, i thought he is quoting definitions on his own, but subsequently, I found he was actually paraphrasing OWASP's documentaion! So Bad
Definitely stockAPI passed from a user is not a real world example
In what real world scenario would an api accept the url it should fetch? And if it did, isn’t that just another form of injection?