rspec/rules/S5144/rationale.adoc

Server-Side Request Forgery (SSRF) occurs when attackers can coerce a server to
perform arbitrary requests on their behalf. +

An SSRF vulnerability can either be basic or blind, depending on whether the
server's fetched data is directly returned in the web application's response. +
The absence of the corresponding response for the coerced request on the
application is not a barrier to exploitation and thus must be treated in the
same way as basic SSRF.
[APPSEC-90] Modify rule S5144: Educational content (#1205) 2022-09-01 17:36:53 +02:00			`Server-Side Request Forgery (SSRF) occurs when attackers can coerce a server to`
			`perform arbitrary requests on their behalf. +`

			`An SSRF vulnerability can either be basic or blind, depending on whether the`
			`server's fetched data is directly returned in the web application's response. +`
			`The absence of the corresponding response for the coerced request on the`
			`application is not a barrier to exploitation and thus must be treated in the`
			`same way as basic SSRF.`