
How to prevent SSRF Attacks in Node.js

3.1K views
May 27, 2024
9:54

Use Snyk for free to find and fix security issues in your applications today! https://snyk.co/ugLYn

In today's video, we will be diving deep into keeping your Node.js applications secure from server-side request forgery (SSRF). What are your experiences with SSRF? Let us know in the comments below!

Read more about preventing SSRF in Node.js in our related blog post: https://snyk.co/ugYuZ

✍️ Resources ✍️
- Example Repository: https://github.com/snyk-snippets/ssrf-in-nodejs
- Rest Client VS Code Extension: https://marketplace.visualstudio.com/items?itemName=humao.rest-client
- Zod: https://snyk.co/ugZaR
- is-url vulnerable package version example: https://snyk.co/ugZaY

⏲️ Chapters ⏲️
00:00 - Intro
00:18 - What is SSRF?
01:08 - Basic Request Example
02:08 - Basic SSRF Attack Example
03:15 - Blind SSRF Attack Example
04:04 - How to Prevent SSRF Attacks
04:11 - Validating and Sanitizing User Input
06:14 - Enforcing URL Schemas
06:55 - Using an Allowlist in your Application
07:57 - Using a Firewall
08:31 - Keep Dependencies Updated with Snyk
09:13 - Summary
09:30 - Outro

⚒️ About Snyk ⚒️
Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure. Learn more about Snyk: https://snyk.co/ugLYl

📱 Connect with Us 📱
- 🖥️ Website: https://snyk.co/ugLYl
- 🐦 X: http://twitter.com/snyksec
- 💼 LinkedIn: https://www.linkedin.com/company/snyk
- 💬 Discord: https://discord.gg/devsecops-community-918181751526948884
- ▶️ Subscribe: https://www.youtube.com/c/SnykSec?sub_confirmation=1
- 🔥 We're hiring! Check our open roles: https://snyk.co/ugLYp

🔗 Hashtags 🔗
#DevSecOps #ssrf #datasecurity #github #snyk #cyberattack
