[Owasp-topten] Fwd: About SSRF's order in the Top 10
dave.wichers at owasp.org
Fri Oct 28 12:49:05 UTC 2016
I suspect that SSRF on its own wouldn't make the list, but it does make
sense to me to include it as a new variant of CSRF. I plan to raise some
awareness of SSRF in this manner in the new Top 10. Thanks for your note.
On Fri, Oct 28, 2016 at 5:18 AM, Ziyahan ALBENiZ <ziyahanalbeniz at gmail.com>
> Hi there,
> I am working on SSRF now and I wanted to consult you about it.
> What do you think about the classification of SSRF? If you were the one
> trying to give SSRF a place in the Top 10 list, which one would be your
> preference? Unvalidated Redirect and Forward sometimes sounds suitable. But
> I am with the Missing Function Level Access.
> Thanks in advance.
> Ziyahan Albeniz