An SSRF (Server-Side Request Forgery) vulnerability allows an attacker to change a parameter used by the Node.js application to create or control requests from the vulnerable server.
This introduces attack vectors such as:
scanning the internal network
timing out the thread
bypassing host-based authentication
sending requests impersonating the server
The example could show the use of a whitelist of allowed domains and protocols from which the Node.js application can fetch remote resources (and mention avoiding user-provided URLs unless really required).
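One way to implement the allowlist described above, as an added example that is not part of the original text. The host names are constructed placeholders, the function names are hypothetical, and the global `fetch` and `AbortSignal.timeout` assume Node.js 18 or later.

```javascript
// Added example. Allowlist entries are constructed placeholders.
const ALLOWED_PROTOCOLS = new Set(['https:']);
const ALLOWED_HOSTS = new Set(['images.example.com', 'cdn.example.com']);

// Returns the parsed URL if it passes the allowlist, otherwise throws.
function validateRemoteUrl(input) {
  let url;
  try {
    url = new URL(input); // WHATWG parser normalizes case and encodings
  } catch {
    throw new Error('not a valid absolute URL');
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) {
    throw new Error(`protocol not allowed: ${url.protocol}`);
  }
  // Compare the parsed hostname exactly; never substring-match the raw string.
  if (!ALLOWED_HOSTS.has(url.hostname)) {
    throw new Error(`host not allowed: ${url.hostname}`);
  }
  if (url.username || url.password) {
    throw new Error('credentials in URL are not allowed');
  }
  if (url.port !== '') {
    throw new Error('non-default port not allowed');
  }
  return url;
}

// Non-throwing wrapper for callers that only need a yes/no answer.
function isAllowed(input) {
  try { validateRemoteUrl(input); return true; } catch { return false; }
}

// Fetch only validated URLs, bound the wait so a slow target cannot hold
// the request open, and refuse redirects so the response cannot point the
// server at a host outside the allowlist.
async function fetchRemote(input, timeoutMs = 3000) {
  const url = validateRemoteUrl(input);
  const res = await fetch(url, {
    redirect: 'manual',
    signal: AbortSignal.timeout(timeoutMs),
  });
  if (res.type === 'opaqueredirect' || (res.status >= 300 && res.status < 400)) {
    throw new Error('redirects are not followed');
  }
  return res;
}
```

The check is only as strong as the DNS records of the allowlisted names, so list hosts whose resolution you control.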