The risks listed in the OWASP Top 10 for Large Language Model Applications are mitigated during the development of large language model applications.
Server-Side Request Forgery (SSRF): Validate all URLs and external resource requests made by the LLM application to prevent SSRF attacks. Ensure that the LLM does not fetch unauthorized resources or communicate with untrusted endpoints. Use allow-lists for URL validation and implement network controls to prevent unauthorized data access.
To prevent SSRF, segment remote resource access functionality into isolated networks, minimizing potential exposure. Apply "deny by default" firewall or network access control rules to restrict traffic to only essential intranet resources. Maintain and review firewall rules regularly, logging all allowed and blocked network flows for accountability and monitoring purposes.

At the application level, sanitize and validate all client-supplied URLs. Enforce strict URL schemes, ports, and destination policies using a positive allow-list approach. Avoid relying on deny-lists or regular expressions, as these are easily bypassed by sophisticated payloads. Do not send raw responses to clients, and disable HTTP redirections to reduce potential abuse. Perform consistency checks between the URL that was validated and the resource that is actually fetched, so that DNS rebinding or TOCTOU (time of check, time of use) race conditions cannot turn an approved request into an unapproved one.

Avoid deploying additional critical security services such as OpenID on systems exposed to SSRF risks, and ensure local traffic is strictly monitored. For systems with highly sensitive use cases, consider network encryption mechanisms such as VPNs for added security. These measures collectively establish robust defenses against SSRF exploitation.
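The application-level controls above (positive allow-list of scheme, port and destination, plus a check-then-pin step against DNS rebinding) as an added Python example; this is illustrative code written for this page, not part of any framework or project, and the allow-list entries, hostnames and the offline DNS stand-in are constructed values.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Positive allow-list (constructed values): the only schemes, ports and
# destinations the application may fetch on behalf of the LLM.
ALLOWED_SCHEMES = {"https"}
ALLOWED_PORTS = {443}
ALLOWED_HOSTS = {"api.example.com", "docs.example.com"}

# Constructed DNS stand-in so the example runs offline (real code keeps the
# socket.gethostbyname default); docs.example.com maps to loopback on purpose.
DEMO_DNS = {"api.example.com": "93.184.216.34", "docs.example.com": "127.0.0.1"}
demo_resolve = DEMO_DNS.__getitem__

class SsrfPolicyError(ValueError):
    """Raised when a URL violates the outbound allow-list policy."""

def validate_outbound_url(url, resolve=socket.gethostbyname):
    """Check url against the allow-list and return (hostname, pinned_ip).
    The caller must connect to pinned_ip (Host header / SNI = hostname) so the
    address that was checked is the address used: no rebinding/TOCTOU window."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise SsrfPolicyError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname  # lower-cased, userinfo and brackets removed
    if host not in ALLOWED_HOSTS:  # exact match only, no suffix or regex rules
        raise SsrfPolicyError(f"host not on allow-list: {host!r}")
    try:
        port = parts.port if parts.port is not None else 443
    except ValueError as exc:  # non-numeric or out-of-range port
        raise SsrfPolicyError(f"malformed port in {url!r}") from exc
    if port not in ALLOWED_PORTS:
        raise SsrfPolicyError(f"port not allowed: {port}")
    # Resolve exactly once, reject non-public answers, and pin the result.
    try:
        ip = ipaddress.ip_address(resolve(host))
    except (OSError, ValueError) as exc:
        raise SsrfPolicyError(f"cannot resolve {host!r}: {exc}") from exc
    if not ip.is_global:  # loopback, RFC 1918, link-local, reserved, ...
        raise SsrfPolicyError(f"{host!r} resolves to non-public {ip}")
    return host, str(ip)

def is_allowed(url, resolve=socket.gethostbyname):
    """Boolean form for gating requests; log the SsrfPolicyError reason too."""
    try:
        validate_outbound_url(url, resolve)
        return True
    except SsrfPolicyError:
        return False
```

Every rejection carries its reason, which is what the logging requirement above expects to see alongside the blocked network flows.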
ID | Operation | Description | Phase | Agent |
---|---|---|---|---|
SSS-02-05-10-01-01 | Implement network layer protections | Enforce "deny by default" firewall rules and segment remote resource access functionality to separate networks, minimizing the impact of SSRF vulnerabilities. | Deployment | Network administrators, Security team |
SSS-02-05-10-01-02 | Sanitize and validate input URLs | Validate and sanitize user-supplied URLs, enforcing a positive allow-list for URL scheme, port, and destination. Reject requests with disallowed URLs. | Development | Development teams, QA team |
SSS-02-05-10-01-03 | Harden application response handling | Strip metadata from fetched resources before sending responses and disable automatic HTTP redirections in the application. | Development | Development teams, Security team |
Industry framework | Academic work | Real-world case |
---|---|---|
Information Security Manual (ISM-1923); The Open Worldwide Application Security Project (A10:2021) | | |