External Service Interaction SSRF IP address Vulnerability in Java
I have a form which takes a user's email and password for signup, and after clicking the submit button I send a verification email to their email address using AWS SES. Only after proper verification can the user use my application (Java Spring Boot application).
But the problem is, at that point my application is vulnerable to a blind SSRF attack: an attacker can use my application as a proxy to hit the next service. Also, anyone can see the DNS and IP using Burp Collaborator.
I heard about domain/IP whitelisting & blacklisting. But I don't want to block any IP or domain from using my application. What can be the possible solution approaches to mitigate this SSRF vulnerability?
I also wonder what Facebook, Twitter and other services do to avoid this blind SSRF attack.
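As an added example (not code from the question), one way to keep the signup flow from reaching anything internal without maintaining a domain allow-list: validate the address syntax strictly so IP literals and bare hostnames never get through, then refuse only recipients whose domain resolves to a loopback, private, link-local or other reserved range. The class and method names are hypothetical.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.regex.Pattern;

/** Hypothetical helper: screens a signup e-mail address before any lookup is done with it. */
public final class SignupRecipientPolicy {
    // Strict syntax: plain local part, dotted hostname, alphabetic TLD. Rejects "user@[10.0.0.1]",
    // "user@10.0.0.1" and "user@localhost" because none of them match a dotted hostname.
    private static final Pattern EMAIL =
        Pattern.compile("^[A-Za-z0-9._%+-]{1,64}@(?:[A-Za-z0-9-]{1,63}\\.)+[A-Za-z]{2,63}$");

    /** Returns the lower-cased domain part if the syntax is acceptable, otherwise null. */
    public static String domainOf(String email) {
        if (email == null || email.length() > 254 || !EMAIL.matcher(email).matches()) return null;
        return email.substring(email.indexOf('@') + 1).toLowerCase();
    }

    /** True only for globally routable unicast addresses; internal and reserved ranges are refused. */
    public static boolean isPublicUnicast(InetAddress a) {
        if (a.isAnyLocalAddress() || a.isLoopbackAddress() || a.isLinkLocalAddress()
                || a.isSiteLocalAddress() || a.isMulticastAddress()) return false;
        byte[] b = a.getAddress();
        if (b.length == 4) {
            int first = b[0] & 0xff, second = b[1] & 0xff;
            if (first == 100 && second >= 64 && second <= 127) return false; // 100.64.0.0/10 (CGNAT)
            if (first == 0 || first >= 224) return false;                    // 0.0.0.0/8, class D/E
        } else if (b.length == 16) {
            if ((b[0] & 0xfe) == 0xfc) return false;  // fc00::/7 unique-local (not site-local in Java)
        }
        return true;
    }

    /**
     * Policy: syntax must pass and every address the domain resolves to must be public.
     * Only internal/reserved ranges are blocked; ordinary external mail domains are all allowed,
     * which avoids the domain allow-list the question wants to avoid.
     */
    public static boolean isAllowedRecipient(String email) {
        String domain = domainOf(email);
        if (domain == null) return false;
        try {
            for (InetAddress a : InetAddress.getAllByName(domain)) {
                if (!isPublicUnicast(a)) return false;
            }
            return true;
        } catch (UnknownHostException e) {
            return false; // unresolvable domain: there is nothing to send to anyway
        }
    }
}
```

The resolution step is itself a DNS query, so a Collaborator-style probe will still observe a lookup for the submitted domain; what the check prevents is the submitted value steering the application at loopback, private or cloud-metadata addresses.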
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow