From 3cb5121d50aa13472e9e4dd0cc7f6cdd90bd391f Mon Sep 17 00:00:00 2001 From: Syed Khaild Tipu Razvi <110707546+SKTR13055@users.noreply.github.com> Date: Sun, 26 Apr 2026 14:56:28 +0530 Subject: [PATCH] Update antivirus terminology and add SSRF section --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 503f98e..e3f26c0 100644 --- a/README.md +++ b/README.md @@ -117,7 +117,7 @@ If you do have any project to show, make sure that you prepare it before the int ### Could you share some general endpoint security product categories? - - Antivirus + - AV (Antivirus) - EDR (Endpoint Detection and Response) - XDR (Extended Detection and Response) - DLP (Data Loss Prevention) 
@@ -377,6 +377,10 @@ LFI differs from RFI because the file that is intended to be included is on the Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application. ([OWASP](https://owasp.org/www-community/attacks/csrf)) +### What is SSRF? + +In a Server-Side Request Forgery (SSRF) attack, the attacker can abuse functionality on the server to read or update internal resources. The attacker can supply or modify a URL which the code running on the server will read or submit data to, and by carefully selecting the URLs, the attacker may be able to read server configuration such as AWS metadata, connect to internal services like http enabled databases or perform post requests towards internal services which are not intended to be exposed. ([OWASP](https://owasp.org/www-community/attacks/Server_Side_Request_Forgery)) + ### What is WAF? Web Application Firewall (WAF) helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), file inclusion, and SQL Injection, among others. A WAF is a protocol layer 7 defense (in the OSI model), and is not designed to defend against all types of attacks. ([Cloudflare](https://www.cloudflare.com/learning/ddos/glossary/web-application-firewall-waf/))
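Review bot: In the first hunk (endpoint security product categories), the rename of `Antivirus` to `AV (Antivirus)` is unrelated to the SSRF section added in the second hunk, so consider splitting it into its own commit so that either change can be reverted independently. The new wording is consistent with the `EDR (...)`, `XDR (...)` and `DLP (...)` entries that follow it, so the rename itself needs no further change.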
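Review bot: In the second hunk (the new "What is SSRF?" answer), the protocol and method names are lowercase ("http enabled databases", "post requests") while the WAF answer right below writes "HTTP traffic"; suggest "HTTP-enabled databases" and "POST requests" to match the rest of the README. The answer also stops at what the attacker can reach. Since this is interview preparation material, one closing sentence on the defensive side would round it out, for example validating user-supplied URLs against an allowlist of destinations and blocking server-side requests to internal address ranges and the cloud metadata endpoint.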