Safeurl HTTP library brings SSRF protection to Go applications


According to its inventors, a new open source library created to prevent server-side request forgery (SSRF) attacks closes a large hole in the toolkit available to Go developers. Safeurl, a one-line drop-in replacement for Go’s native net/http.Client, verifies incoming HTTP requests against allow and block lists and also provides protection from DNS rebinding attacks.

The library does all the labor-intensive parsing, verifying, and request-issuing work, Safeurl’s developers and Doyensec security engineers Viktor Chuchurski and Alessandro Cotto wrote in a blog post.
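Why a block list has to be enforced at connect time to survive DNS rebinding, shown as an added example (not Safeurl's code or API, and not taken from the blog post): the check runs in the dialer's `Control` hook on the IP the socket is about to connect to, not on the hostname. The block list, `checkAddr` and `NewGuardedClient` are hypothetical names, and only the block-list half is shown.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"syscall"
	"time"
)

// blocked is a constructed block list: loopback, RFC 1918, link-local (cloud metadata), IPv6 ULA.
var blocked []*net.IPNet

func init() {
	for _, c := range []string{"127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
		"169.254.0.0/16", "0.0.0.0/8", "::1/128", "fc00::/7", "fe80::/10"} {
		_, n, _ := net.ParseCIDR(c) // the literals above are valid CIDRs
		blocked = append(blocked, n)
	}
}

// checkAddr sees the literal IP:port after DNS resolution, so a rebinding answer cannot bypass it.
func checkAddr(address string) error {
	host, _, err := net.SplitHostPort(address)
	if err != nil {
		return err
	}
	ip := net.ParseIP(host)
	if ip == nil {
		return fmt.Errorf("refusing non-IP destination %q", host) // fail closed
	}
	for _, n := range blocked {
		if n.Contains(ip) { // Contains also matches IPv4-mapped IPv6 forms
			return fmt.Errorf("destination %s is in blocked range %s", ip, n)
		}
	}
	return nil
}

// NewGuardedClient returns a client whose every dial, redirects included, passes checkAddr.
func NewGuardedClient() *http.Client {
	d := &net.Dialer{Timeout: 5 * time.Second, Control: func(_, address string, _ syscall.RawConn) error {
		return checkAddr(address)
	}}
	return &http.Client{Transport: &http.Transport{DialContext: d.DialContext}, Timeout: 10 * time.Second}
}

func main() {
	_, err := NewGuardedClient().Get("http://127.0.0.1:8080/") // constructed internal target
	fmt.Println(err)
}
```

The custom `Transport` leaves `Proxy` unset, so the hook checks the real destination; with an outbound proxy configured it would only ever see the proxy's address.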
