SSRF Incident Handling: Lab Series
RCCE students will learn Server-Side Request Forgery vulnerabilities including internal service enumeration, cloud metadata access, protocol smuggling, and blind SSRF exploitation. RCCE students will learn to identify SSRF vulnerabilities in web applications and APIs, exploit SSRF to access internal services, cloud instance metadata endpoints, and protected resources, detect SSRF through application logging and network monitoring, implement remediation using allowlisting, URL validation, network segmentation, and metadata service protection, configure WAF rules for SSRF pattern detection, and assess SSRF risk in cloud environments where metadata services provide access to sensitive credentials. This incident response course prepares students to act decisively during security incidents with structured workflows and clear decision frameworks. At an expert level, RCCE students will learn containment, evidence collection, eradication, and recovery procedures specific to this domain. Students practice incident scenarios that build the composure, coordination, and documentation skills essential for effective incident handling.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing SSRF Incident Handling: Lab Series
- Execute hands-on tasks for lab series
- Explain Course Overview fundamentals
- Execute hands-on tasks for what you will learn — covering Identify SSRF in web apps and APIs.
- Execute hands-on tasks for course structure — covering 18 core topic areas covered.
- Execute hands-on tasks for web application
- Execute hands-on tasks for risk impact — covering User-controlled URL.
- Execute hands-on tasks for common entry points — covering URL fetch parameters (url=, path=, src=), GraphQL query parameters.
- Execute hands-on tasks for api-specific vectors — covering GraphQL query parameters.
- Execute hands-on tasks for hidden surfaces — covering SVG file upload (xlink:href).
- Execute hands-on tasks for full ssrf — covering Response returned to.
- Execute hands-on tasks for blind ssrf — covering No response visible.
- Execute hands-on tasks for semi-blind ssrf — covering Partial response indicators.
| Module 01 | Lab Series |
| Module 02 | Course Overview |
| Module 03 | What You Will Learn |
| Module 04 | Course Structure |
| Module 05 | Web Application |
| Module 06 | Risk Impact |
| Module 07 | Common Entry Points |
| Module 08 | API-Specific Vectors |
| Module 09 | Hidden Surfaces |
| Module 10 | Full SSRF |
| Module 11 | Blind SSRF |
| Module 12 | Semi-Blind SSRF |
| Module 13 | Severity Factors |
| Module 14 | Context Matters |
All hands-on labs run on Rocheston Rose X OS. Students practice ssrf incident handling: lab series by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for lab series
- Lab 2: Explain Course Overview fundamentals
- Lab 3: Execute hands-on tasks for what you will learn
- Lab 4: Execute hands-on tasks for course structure
- Lab 5: Execute hands-on tasks for web application
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for SSRF Incident Handling: Lab Series, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI