In a Server-Side Request Forgery (SSRF) attack, an attacker abuses server functionality to access resources or modify them in order to gain access to internal data or services. Attackers generally target applications that allow them to read data from URLs or support data imports from URLs. Threat actors can manipulate URLs by replacing them with entirely new ones, or by conducting an attack traversal attack.