It’s a new beginning! Ermetic is now Tenable Cloud Security.

Azure API Management flaws highlight server-side request forgery risks in API development

New SSRF vulnerabilities highlight the weaknesses of using blacklisting techniques as a defense mechanism

By Tenable Cloud Security

In his recent article for CSO Online, Lucian Constantin discusses three vulnerabilities the Ermetic Research Team recently discovered and Microsoft patched in its Azure API Management service. Two of those vulnerabilities enabled server-side request forgery (SSRF) attacks that could have allowed hackers to access internal Azure assets. He posits that the proof-of-concept exploits highlight common errors that developers could make when trying to implement blacklist-based restrictions for their own APIs and services.

Read the full article on CSO Online to find out how new SSRF vulnerabilities expose the weaknesses of using blacklisting techniques as a defense mechanism.
