If your service takes a URL from a user and fetches it server-side - a monitor, a link previewer, a webhook tester, an "import from URL" button - you've built a server-side request forgery (SSRF) engine whether you meant to or not. NorthDuty is a website health monitor: you give it a URL, we loa...

Source: [Dev.to](https://dev.to/mihail_147bfaf4bbb8ec9949/your-url-fetching-service-is-an-ssrf-engine-heres-the-two-layer-guard-we-shipped-5ck9)

Sponsored