Understanding CSRF and SSRF Attacks (Demo and Examples)

In this video, we examine two critical web security vulnerabilities: CSRF (Cross-Site Request Forgery) and SSRF (Server-Side Request Forgery). Learn about each attack, how it differs, and why it poses serious risks to web applications. Use Snyk for free to find and fix security issues in your applications today! https://snyk.co/ugLYn ✍️ Resources ✍️ CSRF blog: https://snyk.co/csrf-blog SSRF blog: https://snyk.co/ssrf-blog Web Dev Cody: ‪@WebDevCody‬ Web Dev Cody - SSRF Video:    • This is why you can't blindly use AI   ⏲️ Chapters ⏲️ 00:00 - Intro 00:37 - CSRF Explained 02:34 - SSRF Explained 04:37 - What's the difference? 05:08 - CSRF live demo 10:14 - How to protect against CSRF 10:39 - SSRF live demo 13:46 - How to prevent SSRF attacks 14:23 - Outro ⚒️ About Snyk ⚒️ Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure. Learn more about Snyk: https://snyk.co/ugLYl 📱 Connect with Us 📱 🖥️ Website: https://snyk.co/ugLYl 🐦 X:   / snyksec   💼 LinkedIn:   / snyk   💬 Discord:   / discord   ▶️ Subscribe: https://www.youtube.com/c/SnykSec?sub... 🔥 We're hiring! Check our open roles: https://snyk.co/ugLYp 🔗 Hashtags 🔗 #DevSecOps #appsec #csrf

Join Today
Attacking AI - Jason Haddix - NDC Security 2026
▶︎

Attacking AI - Jason Haddix - NDC Security 2026

Cross-Site Request Forgery (CSRF) | Complete Guide
▶︎

Cross-Site Request Forgery (CSRF) | Complete Guide

Cross-Site Scripting: A 25-Year Threat That Is Still Going Strong
▶︎

Cross-Site Scripting: A 25-Year Threat That Is Still Going Strong

Architectural Invisibility For Modern Cybersecurity
▶︎

Architectural Invisibility For Modern Cybersecurity

The No BS Bug Bounty & Web Hacking Roadmap
▶︎

The No BS Bug Bounty & Web Hacking Roadmap

OWASP's Top 10 Ways to Attack LLMs: AI Vulnerabilities Exposed
▶︎

OWASP's Top 10 Ways to Attack LLMs: AI Vulnerabilities Exposed

Cross Site Request Forgery - Computerphile
▶︎

Cross Site Request Forgery - Computerphile

Every Level of Reverse Engineering Explained
▶︎

Every Level of Reverse Engineering Explained

Server-Side Request Forgery (SSRF) | Complete Guide
▶︎

Server-Side Request Forgery (SSRF) | Complete Guide

The perfect SSRF exploitation - 10/10 Critical SSRF with JR0ch17
▶︎

The perfect SSRF exploitation - 10/10 Critical SSRF with JR0ch17

Cross Site Request Forgery vs Server Side Request Forgery Explained
▶︎

Cross Site Request Forgery vs Server Side Request Forgery Explained

Cross-Site Scripting (XSS) Explained
▶︎

Cross-Site Scripting (XSS) Explained

Proxy vs Reverse Proxy vs Load Balancer | Simply Explained
▶︎

Proxy vs Reverse Proxy vs Load Balancer | Simply Explained

Snyk Demo in 20 Minutes | 2022
▶︎

Snyk Demo in 20 Minutes | 2022

Cross-Site Request Forgery (CSRF) Explained And Demonstrated By A Pro Hacker!
▶︎

Cross-Site Request Forgery (CSRF) Explained And Demonstrated By A Pro Hacker!

Cross Site Scripting (XSS) tutorial for Beginners
▶︎

Cross Site Scripting (XSS) tutorial for Beginners

Bug Bounty Tip | Do This Exercise Every Day to Get Better at Finding XSS Bugs!
▶︎

Bug Bounty Tip | Do This Exercise Every Day to Get Better at Finding XSS Bugs!

Website Hacking Demos using Cross-Site Scripting (XSS) - it's just too easy!
▶︎

Website Hacking Demos using Cross-Site Scripting (XSS) - it's just too easy!

HTTP Parameter Pollution Explained
▶︎

HTTP Parameter Pollution Explained

How I Discovered a CRITICAL Vulnerability in Grafana | Chaining XSS & SSRF | CVE-2025-4123
▶︎

How I Discovered a CRITICAL Vulnerability in Grafana | Chaining XSS & SSRF | CVE-2025-4123