August 30, 2012
“SSRF: The new threat for Business Critical Applications” from RSA China 2012
A short version of the BlackHat talk. Most business applications, such as SAP, are protected from attackers by firewalls, DMZs and internal ACLs, so an attacker has to bypass many lines of defense to reach the core of the business. With a new attack vector, SSRF, and one of its implementations, XXE Tunneling, it is possible to bypass these restrictions by sending exploits from a trusted source.