[Owasp-topten] Fwd: About SSRF's order in the Top 10

Dave Wichers dave.wichers at owasp.org
Fri Oct 28 12:49:05 UTC 2016


I suspect that SSRF on its own wouldn't make the list, but it does make
sense to me to include it as a new variant of CSRF. I plan to raise some
awareness of SSRF in this manner in the new Top 10. Thanks for your note.

-Dave


On Fri, Oct 28, 2016 at 5:18 AM, Ziyahan ALBENiZ <ziyahanalbeniz at gmail.com>
wrote:

> Hi there,
>
> I am working on SSRF now and I wanted to consult you about that:
> what do you think about the classification of SSRF? If you were the one trying
> to find SSRF a place in the Top 10 list, which one would be your preference?
>
> Unvalidated Redirect and Forward sometimes sounds suitable. But I am with
> the Missing Function Level Access.
>
> Thanks in advance.
>
> --
> Ziyahan Albeniz
> Bilgisayar Programcısı / Computer Programmer / Komputila Programisto
>
> *GSM :* +90 533 637 1572
> *Skype :* ziyahanalbeniz
> *Web    : *http://ziyahanalbeniz.blogspot.com
> *Twitter*: @ziyaxanalbeniz <https://twitter.com/ziyaxanalbeniz>
> *LinkedIn :* http://www.linkedin.com/in/ziyahanalbeniz
> *PGP* :  0xA6A34AFD   / https://keybase.io/ziyahan
>