
SAST vs NexDAST
Two of the main types of application security testing are Static Analysis (SAST) and Dynamic Application Security Testing (DAST).
Server-side request forgery is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker’s choosing.
SSRF attacks abuse any type of URL or file upload functionality in the application to send malformed URLs. This cheat sheet is most useful for newer penetration testers who don't yet have a comprehensive understanding of SSRF and want to learn how it works.
The Cross-Site Request Forgery (CSRF) Cheat Sheet is a flowchart designed to cover the common scenarios that an experienced application penetration tester would test for in CSRF testing.
Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker’s choosing.
© 2022 Bright Security Inc. All Rights Reserved