SSRF Threats and Detection
RCCE students will learn Server-Side Request Forgery vulnerabilities including internal service enumeration, cloud metadata access, protocol smuggling, and blind SSRF exploitation. RCCE students will learn to identify SSRF vulnerabilities in web applications and APIs, exploit SSRF to access internal services, cloud instance metadata endpoints, and protected resources, detect SSRF through application logging and network monitoring, implement remediation using allowlisting, URL validation, network segmentation, and metadata service protection, configure WAF rules for SSRF pattern detection, and assess SSRF risk in cloud environments where metadata services provide access to sensitive credentials. This threat-focused course teaches students to think like adversaries while building robust defenses. Building on core knowledge, RCCE students will learn to analyze attack techniques, build detection logic, and implement defensive strategies that proactively identify threats before they cause damage. Students develop a threat-informed mindset that drives better security decisions across all operational activities.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing SSRF Threats and Detection
- Build detections and response workflows for privilege escalation
- Execute hands-on tasks for advanced cyber defense mastery
- Explain Executive Overview fundamentals
- Execute hands-on tasks for server-side request forgery — the hidden gateway
- Execute hands-on tasks for server-side request forgery — covering Abuses server as a proxy to internal networks.
- Execute hands-on tasks for attack type
- Execute hands-on tasks for internal service enumeration
- Execute hands-on tasks for how attackers enumerate
- Build detections and response workflows for privilege escalation, including Scan internal IP ranges (10.x, 172.16.x, 192.168.x).
- Execute hands-on tasks for cloud metadata access
- Execute hands-on tasks for metadata endpoint
- Execute hands-on tasks for impact of metadata access — covering IAM role credentials leaked.
| Module 01 | SSRF Threats and Detection |
| Module 02 | Advanced Cyber Defense Mastery |
| Module 03 | Executive Overview |
| Module 04 | Server-Side Request Forgery — The Hidden Gateway |
| Module 05 | Server-Side Request Forgery |
| Module 06 | Attack Type |
| Module 07 | Internal Service Enumeration |
| Module 08 | How Attackers Enumerate |
| Module 09 | Detection Indicators |
| Module 10 | Cloud Metadata Access |
| Module 11 | Metadata Endpoint |
| Module 12 | Impact of Metadata Access |
| Module 13 | Protocol Smuggling Techniques |
| Module 14 | Target: Redis, Memcached |
All hands-on labs run on Rocheston Rose X OS. Students practice ssrf threats and detection by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Build detections and response workflows for privilege escalation
- Lab 2: Execute hands-on tasks for advanced cyber defense mastery
- Lab 3: Explain Executive Overview fundamentals
- Lab 4: Execute hands-on tasks for server-side request forgery — the hidden gateway
- Lab 5: Execute hands-on tasks for server-side request forgery
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for SSRF Threats and Detection, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI